diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index 335b7207b..c5a2ed190 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml @@ -39,6 +39,10 @@ spec: jsonPath: ".status.build.runtimeVersion" name: "Default runtime" type: "string" + - description: "The default Camel core version" + jsonPath: ".status.build.runtimeCoreVersion" + name: "Camel version" + type: "string" name: "v1" schema: openAPIV3Schema: @@ -317,6 +321,9 @@ spec: description: "the secret where credentials are stored" type: "string" type: "object" + runtimeCoreVersion: + description: "the Camel core version used by this IntegrationPlatform" + type: "string" runtimeProvider: description: "the runtime used. Likely Camel Quarkus (we used to have main runtime which has been discontinued since version 1.5)" type: "string" @@ -1541,6 +1548,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: @@ -1834,6 +1870,9 @@ spec: description: "the secret where credentials are stored" type: "string" type: "object" + runtimeCoreVersion: + description: "the Camel core version used by this IntegrationPlatform" + type: "string" runtimeProvider: description: "the runtime used. Likely Camel Quarkus (we used to have main runtime which has been discontinued since version 1.5)" type: "string" @@ -3100,6 +3139,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml index 64a99964d..66025d5f8 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml @@ -1442,6 +1442,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: @@ -2909,6 +2938,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index 04416fd11..a66d83659 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -5066,6 +5066,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml index 3bbdece13..75c03cc34 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/kamelets.yaml @@ -495,6 +495,457 @@ spec: type: "object" description: "data specification types for the events consumed/produced by the Kamelet\nDeprecated: In favor of using DataTypes" type: "object" + versions: + additionalProperties: + description: "KameletSpecBase specifies the base configuration of a Kamelet." + properties: + dataTypes: + additionalProperties: + description: "DataTypesSpec represents the specification for a set of data types." + properties: + default: + description: "the default data type for this Kamelet" + type: "string" + headers: + additionalProperties: + description: "HeaderSpec represents the specification for a header used in the Kamelet." + properties: + default: + type: "string" + description: + type: "string" + required: + type: "boolean" + title: + type: "string" + type: + type: "string" + type: "object" + description: "one to many header specifications" + type: "object" + types: + additionalProperties: + description: "DataTypeSpec represents the specification for a data type." + properties: + dependencies: + description: "the list of Camel or Maven dependencies required by the data type" + items: + type: "string" + type: "array" + description: + description: "optional description" + type: "string" + format: + description: "the data type format name" + type: "string" + headers: + additionalProperties: + description: "HeaderSpec represents the specification for a header used in the Kamelet." + properties: + default: + type: "string" + description: + type: "string" + required: + type: "boolean" + title: + type: "string" + type: + type: "string" + type: "object" + description: "one to many header specifications" + type: "object" + mediaType: + description: "media type as expected for HTTP media types (ie, application/json)" + type: "string" + schema: + description: "the expected schema for the data type" + properties: + $schema: + description: "JSONSchemaURL represents a schema url." + type: "string" + description: + type: "string" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: "ExternalDocumentation allows referencing an external resource for extended documentation." + properties: + description: + type: "string" + url: + type: "string" + type: "object" + id: + type: "string" + properties: + additionalProperties: + properties: + default: + description: "default is a default value for undefined object fields." + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: "boolean" + description: + type: "string" + enum: + items: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + type: "array" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: "boolean" + exclusiveMinimum: + type: "boolean" + format: + description: "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string\n- uri: an URI as parsed by Golang net/url.ParseRequestURI\n- email: an email address as parsed by Golang net/mail.ParseAddress\n- hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].\n- ipv4: an IPv4 IP as parsed by Golang net.ParseIP\n- ipv6: an IPv6 IP as parsed by Golang net.ParseIP\n- cidr: a CIDR as parsed by Golang net.ParseCIDR\n- mac: a MAC address as parsed by Golang net.ParseMAC\n- uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\"\n- isbn10: an ISBN10 number string like \"0321751043\"\n- isbn13: an ISBN13 number string like \"978-0321751041\"\n- creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\\\d{3})\\\\d{11})$ with any non digit characters mixed in\n- ssn: a U.S. social security number following the regex ^\\\\d{3}[- ]?\\\\d{2}[- ]?\\\\d{4}$\n- hexcolor: an hexadecimal color code like \"#FFFFFF\" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$\n- rgbcolor: an RGB color code like rgb like \"rgb(255,255,255)\"\n- byte: base64 encoded binary data\n- password: any kind of string\n- date: a date string like \"2006-01-02\" as defined by full-date in RFC3339\n- duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format\n- datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339." + type: "string" + id: + type: "string" + maxItems: + format: "int64" + type: "integer" + maxLength: + format: "int64" + type: "integer" + maxProperties: + format: "int64" + type: "integer" + maximum: + description: "A Number represents a JSON number literal." + type: "string" + minItems: + format: "int64" + type: "integer" + minLength: + format: "int64" + type: "integer" + minProperties: + format: "int64" + type: "integer" + minimum: + description: "A Number represents a JSON number literal." + type: "string" + multipleOf: + description: "A Number represents a JSON number literal." + type: "string" + nullable: + type: "boolean" + pattern: + type: "string" + title: + type: "string" + type: + type: "string" + uniqueItems: + type: "boolean" + x-descriptors: + description: "XDescriptors is a list of extended properties that trigger a custom behavior in external systems" + items: + type: "string" + type: "array" + type: "object" + type: "object" + required: + items: + type: "string" + type: "array" + title: + type: "string" + type: + type: "string" + type: "object" + scheme: + description: "the data type component scheme" + type: "string" + type: "object" + description: "one to many data type specifications" + type: "object" + type: "object" + description: "data specification types for the events consumed/produced by the Kamelet" + type: "object" + definition: + description: "defines the formal configuration of the Kamelet" + properties: + $schema: + description: "JSONSchemaURL represents a schema url." + type: "string" + description: + type: "string" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: "ExternalDocumentation allows referencing an external resource for extended documentation." + properties: + description: + type: "string" + url: + type: "string" + type: "object" + id: + type: "string" + properties: + additionalProperties: + properties: + default: + description: "default is a default value for undefined object fields." + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: "boolean" + description: + type: "string" + enum: + items: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + type: "array" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: "boolean" + exclusiveMinimum: + type: "boolean" + format: + description: "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string\n- uri: an URI as parsed by Golang net/url.ParseRequestURI\n- email: an email address as parsed by Golang net/mail.ParseAddress\n- hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].\n- ipv4: an IPv4 IP as parsed by Golang net.ParseIP\n- ipv6: an IPv6 IP as parsed by Golang net.ParseIP\n- cidr: a CIDR as parsed by Golang net.ParseCIDR\n- mac: a MAC address as parsed by Golang net.ParseMAC\n- uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\"\n- isbn10: an ISBN10 number string like \"0321751043\"\n- isbn13: an ISBN13 number string like \"978-0321751041\"\n- creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\\\d{3})\\\\d{11})$ with any non digit characters mixed in\n- ssn: a U.S. social security number following the regex ^\\\\d{3}[- ]?\\\\d{2}[- ]?\\\\d{4}$\n- hexcolor: an hexadecimal color code like \"#FFFFFF\" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$\n- rgbcolor: an RGB color code like rgb like \"rgb(255,255,255)\"\n- byte: base64 encoded binary data\n- password: any kind of string\n- date: a date string like \"2006-01-02\" as defined by full-date in RFC3339\n- duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format\n- datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339." + type: "string" + id: + type: "string" + maxItems: + format: "int64" + type: "integer" + maxLength: + format: "int64" + type: "integer" + maxProperties: + format: "int64" + type: "integer" + maximum: + description: "A Number represents a JSON number literal." + type: "string" + minItems: + format: "int64" + type: "integer" + minLength: + format: "int64" + type: "integer" + minProperties: + format: "int64" + type: "integer" + minimum: + description: "A Number represents a JSON number literal." + type: "string" + multipleOf: + description: "A Number represents a JSON number literal." + type: "string" + nullable: + type: "boolean" + pattern: + type: "string" + title: + type: "string" + type: + type: "string" + uniqueItems: + type: "boolean" + x-descriptors: + description: "XDescriptors is a list of extended properties that trigger a custom behavior in external systems" + items: + type: "string" + type: "array" + type: "object" + type: "object" + required: + items: + type: "string" + type: "array" + title: + type: "string" + type: + type: "string" + type: "object" + dependencies: + description: "Camel dependencies needed by the Kamelet" + items: + type: "string" + type: "array" + sources: + description: "sources in any Camel DSL supported" + items: + description: "SourceSpec defines the configuration for one or more routes to be executed in a certain Camel DSL language." + properties: + compression: + description: "if the content is compressed (base64 encrypted)" + type: "boolean" + content: + description: "the source code (plain text)" + type: "string" + contentKey: + description: "the confimap key holding the source content" + type: "string" + contentRef: + description: "the confimap reference holding the source content" + type: "string" + contentType: + description: "the content type (tipically text or binary)" + type: "string" + from-kamelet: + description: "True if the spec is generated from a Kamelet" + type: "boolean" + interceptors: + description: "Interceptors are optional identifiers the org.apache.camel.k.RoutesLoader\nuses to pre/post process sources" + items: + type: "string" + type: "array" + language: + description: "specify which is the language (Camel DSL) used to interpret this source code" + type: "string" + loader: + description: "Loader is an optional id of the org.apache.camel.k.RoutesLoader that will\ninterpret this source at runtime" + type: "string" + name: + description: "the name of the specification" + type: "string" + path: + description: "the path where the file is stored" + type: "string" + property-names: + description: "List of property names defined in the source (e.g. if type is \"template\")" + items: + type: "string" + type: "array" + rawContent: + description: "the source code (binary)" + format: "byte" + type: "string" + type: + description: "Type defines the kind of source described by this object" + type: "string" + type: "object" + type: "array" + template: + description: "the main source in YAML DSL" + type: "object" + x-kubernetes-preserve-unknown-fields: true + types: + additionalProperties: + description: "EventTypeSpec represents a specification for an event type.\nDeprecated: In favor of using DataTypeSpec." + properties: + mediaType: + description: "media type as expected for HTTP media types (ie, application/json)" + type: "string" + schema: + description: "the expected schema for the event" + properties: + $schema: + description: "JSONSchemaURL represents a schema url." + type: "string" + description: + type: "string" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: "ExternalDocumentation allows referencing an external resource for extended documentation." + properties: + description: + type: "string" + url: + type: "string" + type: "object" + id: + type: "string" + properties: + additionalProperties: + properties: + default: + description: "default is a default value for undefined object fields." + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: "boolean" + description: + type: "string" + enum: + items: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + type: "array" + example: + description: "JSON represents any valid JSON value.\nThese types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: "boolean" + exclusiveMinimum: + type: "boolean" + format: + description: "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string\n- uri: an URI as parsed by Golang net/url.ParseRequestURI\n- email: an email address as parsed by Golang net/mail.ParseAddress\n- hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].\n- ipv4: an IPv4 IP as parsed by Golang net.ParseIP\n- ipv6: an IPv6 IP as parsed by Golang net.ParseIP\n- cidr: a CIDR as parsed by Golang net.ParseCIDR\n- mac: a MAC address as parsed by Golang net.ParseMAC\n- uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$\n- uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$\n- isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\"\n- isbn10: an ISBN10 number string like \"0321751043\"\n- isbn13: an ISBN13 number string like \"978-0321751041\"\n- creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\\\d{3})\\\\d{11})$ with any non digit characters mixed in\n- ssn: a U.S. social security number following the regex ^\\\\d{3}[- ]?\\\\d{2}[- ]?\\\\d{4}$\n- hexcolor: an hexadecimal color code like \"#FFFFFF\" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$\n- rgbcolor: an RGB color code like rgb like \"rgb(255,255,255)\"\n- byte: base64 encoded binary data\n- password: any kind of string\n- date: a date string like \"2006-01-02\" as defined by full-date in RFC3339\n- duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format\n- datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339." + type: "string" + id: + type: "string" + maxItems: + format: "int64" + type: "integer" + maxLength: + format: "int64" + type: "integer" + maxProperties: + format: "int64" + type: "integer" + maximum: + description: "A Number represents a JSON number literal." + type: "string" + minItems: + format: "int64" + type: "integer" + minLength: + format: "int64" + type: "integer" + minProperties: + format: "int64" + type: "integer" + minimum: + description: "A Number represents a JSON number literal." + type: "string" + multipleOf: + description: "A Number represents a JSON number literal." + type: "string" + nullable: + type: "boolean" + pattern: + type: "string" + title: + type: "string" + type: + type: "string" + uniqueItems: + type: "boolean" + x-descriptors: + description: "XDescriptors is a list of extended properties that trigger a custom behavior in external systems" + items: + type: "string" + type: "array" + type: "object" + type: "object" + required: + items: + type: "string" + type: "array" + title: + type: "string" + type: + type: "string" + type: "object" + type: "object" + description: "data specification types for the events consumed/produced by the Kamelet\nDeprecated: In favor of using DataTypes" + type: "object" + type: "object" + description: "the optional versions available for this Kamelet. This field may not be taken in account by Camel core and is meant to support\nany user defined versioning model on cluster only. If the user wants to use any given version, she must materialize a file with the given version spec\nas the `main` Kamelet spec on the runtime." + type: "object" type: "object" status: default: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index cfdab7610..cb5e7f1f3 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -5053,6 +5053,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml index 9fa8917ac..3a235b203 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml @@ -5055,6 +5055,35 @@ spec: required: - "configuration" type: "object" + telemetry: + description: "The configuration of Telemetry trait" + properties: + auto: + description: "Enables automatic configuration of the trait, including automatic discovery of the telemetry endpoint." + type: "boolean" + configuration: + description: "Legacy trait configuration parameters.\nDeprecated: for backward compatibility." + type: "object" + x-kubernetes-preserve-unknown-fields: true + enabled: + description: "Can be used to enable or disable a trait. All traits share this common property." + type: "boolean" + endpoint: + description: "The target endpoint of the Telemetry service (automatically discovered by default)" + type: "string" + sampler: + description: "The sampler of the telemetry used for tracing (default \"on\")" + type: "string" + sampler-parent-based: + description: "The sampler of the telemetry used for tracing is parent based (default \"true\")" + type: "boolean" + sampler-ratio: + description: "The sampler ratio of the telemetry used for tracing" + type: "string" + serviceName: + description: "The name of the service that publishes telemetry data (defaults to the integration name)" + type: "string" + type: "object" toleration: description: "The configuration of Toleration trait" properties: diff --git a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml index 51b80f032..3c3608b9f 100644 --- a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml +++ b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinkdeployments.yaml @@ -86,15 +86,6 @@ spec: type: "integer" entryClass: type: "string" - flinkStateSnapshotReference: - properties: - name: - type: "string" - namespace: - type: "string" - path: - type: "string" - type: "object" initialSavepointPath: type: "string" jarURI: @@ -10365,15 +10356,8 @@ spec: type: "string" updateTime: type: "string" - upgradeSnapshotReference: - properties: - name: - type: "string" - namespace: - type: "string" - path: - type: "string" - type: "object" + upgradeSavepointPath: + type: "string" type: "object" lifecycleState: enum: diff --git a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinksessionjobs.yaml b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinksessionjobs.yaml index 7b9a1e660..00197312a 100644 --- a/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinksessionjobs.yaml +++ b/crd-catalog/apache/flink-kubernetes-operator/flink.apache.org/v1beta1/flinksessionjobs.yaml @@ -47,15 +47,6 @@ spec: type: "integer" entryClass: type: "string" - flinkStateSnapshotReference: - properties: - name: - type: "string" - namespace: - type: "string" - path: - type: "string" - type: "object" initialSavepointPath: type: "string" jarURI: @@ -207,15 +198,8 @@ spec: type: "string" updateTime: type: "string" - upgradeSnapshotReference: - properties: - name: - type: "string" - namespace: - type: "string" - path: - type: "string" - type: "object" + upgradeSavepointPath: + type: "string" type: "object" lifecycleState: enum: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml index 97b046f3b..3ebbcd48b 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "Component" listKind: "ComponentList" plural: "components" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml index 15f8fad13..a85910761 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "OpsRequest" listKind: "OpsRequestList" plural: "opsrequests" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/servicedescriptors.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/servicedescriptors.yaml index 7f73cdf49..b3a24ca55 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/servicedescriptors.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/servicedescriptors.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "ServiceDescriptor" listKind: "ServiceDescriptorList" plural: "servicedescriptors" diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml index 62a6a84a4..a2ca34ef2 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml @@ -354,6 +354,10 @@ spec: restore: description: "Specifies the restore action." properties: + baseBackupRequired: + default: true + description: "Determines if a base backup is required during restoration." + type: "boolean" postReady: description: "Specifies the actions that should be executed after the data has been prepared and is ready for restoration." items: diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml index 666f87a75..19b12745b 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "Restore" listKind: "RestoreList" plural: "restores" diff --git a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml index 90c2de739..043b3ec10 100644 --- a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml +++ b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/instancesets.yaml @@ -11,7 +11,6 @@ spec: names: categories: - "kubeblocks" - - "all" kind: "InstanceSet" listKind: "InstanceSetList" plural: "instancesets" diff --git a/crd-catalog/aws-controllers-k8s/acmpca-controller/acmpca.services.k8s.aws/v1alpha1/certificates.yaml b/crd-catalog/aws-controllers-k8s/acmpca-controller/acmpca.services.k8s.aws/v1alpha1/certificates.yaml index 76bef6977..c1419b4f0 100644 --- a/crd-catalog/aws-controllers-k8s/acmpca-controller/acmpca.services.k8s.aws/v1alpha1/certificates.yaml +++ b/crd-catalog/aws-controllers-k8s/acmpca-controller/acmpca.services.k8s.aws/v1alpha1/certificates.yaml @@ -234,6 +234,22 @@ spec: type: "string" type: "object" type: "object" + certificateOutput: + description: "SecretKeyReference combines a k8s corev1.SecretReference with a\nspecific key within the referred-to Secret" + properties: + key: + description: "Key is the key within the secret" + type: "string" + name: + description: "name is unique within a namespace to reference a secret resource." + type: "string" + namespace: + description: "namespace defines the space within which the secret name must be unique." + type: "string" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" certificateSigningRequest: type: "string" certificateSigningRequestRef: diff --git a/crd-catalog/aws-controllers-k8s/cloudfront-controller/cloudfront.services.k8s.aws/v1alpha1/responseheaderspolicies.yaml b/crd-catalog/aws-controllers-k8s/cloudfront-controller/cloudfront.services.k8s.aws/v1alpha1/responseheaderspolicies.yaml index a67ca8753..428493888 100644 --- a/crd-catalog/aws-controllers-k8s/cloudfront-controller/cloudfront.services.k8s.aws/v1alpha1/responseheaderspolicies.yaml +++ b/crd-catalog/aws-controllers-k8s/cloudfront-controller/cloudfront.services.k8s.aws/v1alpha1/responseheaderspolicies.yaml @@ -153,7 +153,7 @@ spec: preload: type: "boolean" type: "object" - xSSProtection: + xssProtection: description: "Determines whether CloudFront includes the X-XSS-Protection HTTP response\nheader and the header's value.\n\n\nFor more information about the X-XSS-Protection HTTP response header, see\nX-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)\nin the MDN Web Docs." properties: modeBlock: diff --git a/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/firewalls.yaml b/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/firewalls.yaml index 1f47667e1..5a5d06969 100644 --- a/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/firewalls.yaml +++ b/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/firewalls.yaml @@ -193,7 +193,7 @@ spec: availableCIDRCount: format: "int64" type: "integer" - iPSetReferences: + ipSetReferences: additionalProperties: description: "General information about the IP set." properties: diff --git a/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/rulegroups.yaml b/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/rulegroups.yaml index 9a93fdf64..018f3f1a5 100644 --- a/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/rulegroups.yaml +++ b/crd-catalog/aws-controllers-k8s/networkfirewall-controller/networkfirewall.services.k8s.aws/v1alpha1/rulegroups.yaml @@ -56,7 +56,7 @@ spec: referenceSets: description: "Contains a set of IP set references." properties: - iPSetReferences: + ipSetReferences: additionalProperties: description: "Configures one or more IP set references for a Suricata-compatible rule group.\nThis is used in CreateRuleGroup or UpdateRuleGroup. An IP set reference is\na rule variable that references resources that you create and manage in another\nAmazon Web Services service, such as an Amazon VPC prefix list. Network Firewall\nIP set references enable you to dynamically update the contents of your rules.\nWhen you create, update, or delete the resource you are referencing in your\nrule, Network Firewall automatically updates the rule's content with the\nchanges. For more information about IP set references in Network Firewall,\nsee Using IP set references (https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references)\nin the Network Firewall Developer Guide.\n\n\nNetwork Firewall currently supports Amazon VPC prefix lists (https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html)\nand resource groups (https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html#rule-groups-referencing-resource-groups)\nin IP set references." properties: @@ -68,7 +68,7 @@ spec: ruleVariables: description: "Settings that are available for use in the rules in the RuleGroup where this\nis defined." properties: - iPSets: + ipSets: additionalProperties: description: "A list of IP addresses and address ranges, in CIDR notation. This is part\nof a RuleVariables." properties: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml index 7b2df47e5..fda05a615 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml @@ -18,7 +18,11 @@ spec: singular: "ciliumclusterwidenetworkpolicy" scope: "Cluster" versions: - - name: "v2" + - additionalPrinterColumns: + - jsonPath: ".status.conditions[?(@.type=='Valid')].status" + name: "Valid" + type: "string" + name: "v2" schema: openAPIV3Schema: description: "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped." diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml index cc33d5d1b..d5fe4cde0 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml @@ -23,6 +23,9 @@ spec: - jsonPath: ".metadata.creationTimestamp" name: "Age" type: "date" + - jsonPath: ".status.conditions[?(@.type=='Valid')].status" + name: "Valid" + type: "string" name: "v2" schema: openAPIV3Schema: diff --git a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurationrevisions.yaml b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurationrevisions.yaml index ce352d3bf..ddfc6c101 100644 --- a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurationrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurationrevisions.yaml @@ -79,7 +79,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurations.yaml b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurations.yaml index 295024f27..a98954e06 100644 --- a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurations.yaml +++ b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/configurations.yaml @@ -67,7 +67,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providerrevisions.yaml b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providerrevisions.yaml index b4cf5c0c9..1f02e4b85 100644 --- a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providerrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providerrevisions.yaml @@ -88,7 +88,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providers.yaml b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providers.yaml index 289f246d3..68ff0273d 100644 --- a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providers.yaml +++ b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1/providers.yaml @@ -76,7 +76,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1alpha1/controllerconfigs.yaml b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1alpha1/controllerconfigs.yaml index 335f64318..098a26365 100644 --- a/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1alpha1/controllerconfigs.yaml +++ b/crd-catalog/crossplane/crossplane/pkg.crossplane.io/v1alpha1/controllerconfigs.yaml @@ -615,7 +615,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -664,7 +665,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -687,7 +689,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -701,7 +704,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -722,7 +726,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1170,7 +1175,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1193,7 +1199,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1232,7 +1239,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1252,7 +1260,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1529,7 +1538,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1646,7 +1656,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1804,7 +1815,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1890,7 +1902,8 @@ spec: type: "array" x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -1970,7 +1983,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2000,7 +2014,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2072,7 +2087,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml index ea8c3d51f..c015d2096 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxbrokers.apps.emqx.io" spec: group: "apps.emqx.io" @@ -1242,6 +1242,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1332,6 +1333,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1618,6 +1620,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1681,6 +1684,8 @@ spec: username: default: "admin" type: "string" + required: + - "image" type: "object" env: items: @@ -1985,6 +1990,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2089,6 +2095,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2274,6 +2281,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2629,6 +2637,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2733,6 +2742,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2918,6 +2928,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml index a9e3fce06..8c4c6819c 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxenterprises.apps.emqx.io" spec: group: "apps.emqx.io" @@ -1252,6 +1252,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1345,6 +1346,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1631,6 +1633,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1694,6 +1697,8 @@ spec: username: default: "admin" type: "string" + required: + - "image" type: "object" env: items: @@ -1998,6 +2003,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2102,6 +2108,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2287,6 +2294,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2642,6 +2650,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2746,6 +2755,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2931,6 +2941,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml index 7606aea9f..fff23fe8e 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxplugins.apps.emqx.io" spec: group: "apps.emqx.io" @@ -36,6 +36,9 @@ spec: additionalProperties: type: "string" type: "object" + required: + - "pluginName" + - "selector" type: "object" status: properties: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml index 6d7eb5a07..fd71365bd 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxbrokers.apps.emqx.io" spec: group: "apps.emqx.io" @@ -826,6 +826,8 @@ spec: type: "string" version: type: "string" + required: + - "version" type: "object" lifecycle: properties: @@ -964,6 +966,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1066,6 +1069,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1240,6 +1244,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1584,6 +1589,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1688,6 +1694,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1873,6 +1880,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2222,6 +2230,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2326,6 +2335,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2511,6 +2521,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2866,6 +2877,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2970,6 +2982,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3155,6 +3168,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml index 7255c08e0..0c4697a3d 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxenterprises.apps.emqx.io" spec: group: "apps.emqx.io" @@ -857,6 +857,8 @@ spec: type: "string" version: type: "string" + required: + - "version" type: "object" lifecycle: properties: @@ -995,6 +997,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1097,6 +1100,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1271,6 +1275,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1615,6 +1620,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1719,6 +1725,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1904,6 +1911,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2253,6 +2261,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2357,6 +2366,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2542,6 +2552,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2897,6 +2908,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3001,6 +3013,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3186,6 +3199,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml index dcd7fe60d..978df50e7 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxplugins.apps.emqx.io" spec: group: "apps.emqx.io" @@ -35,6 +35,9 @@ spec: additionalProperties: type: "string" type: "object" + required: + - "pluginName" + - "selector" type: "object" type: "object" served: true diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml index d7a6ef2c2..345a03ee2 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "rebalances.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml index 8ff0f9da4..e095018de 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxes.apps.emqx.io" spec: group: "apps.emqx.io" @@ -878,6 +878,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -982,6 +983,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1167,6 +1169,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2289,6 +2292,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2393,6 +2397,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2578,6 +2583,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2823,6 +2829,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2991,6 +2998,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3104,6 +3112,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3444,9 +3453,9 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" type: "string" required: + - "error" - "port" - "protocol" type: "object" @@ -3647,9 +3656,9 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" type: "string" required: + - "error" - "port" - "protocol" type: "object" @@ -4483,6 +4492,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4587,6 +4597,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4772,6 +4783,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5894,6 +5906,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5998,6 +6011,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6183,6 +6197,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6428,6 +6443,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6596,6 +6612,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6709,6 +6726,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml index 75ac9f052..2c38c5c6d 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "emqxes.apps.emqx.io" spec: group: "apps.emqx.io" @@ -918,6 +918,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1022,6 +1023,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -1207,6 +1209,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2329,6 +2332,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2433,6 +2437,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2618,6 +2623,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -2870,6 +2876,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3052,6 +3059,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -3165,6 +3173,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4463,6 +4472,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4567,6 +4577,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -4752,6 +4763,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5874,6 +5886,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -5978,6 +5991,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6163,6 +6177,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6415,6 +6430,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6597,6 +6613,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" @@ -6710,6 +6727,7 @@ spec: format: "int32" type: "integer" service: + default: "" type: "string" required: - "port" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml index 4c788f29b..34cd2b2a7 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "rebalances.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml index cb47ff2fe..8eeb2a6a8 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml index ae862e1ff..8dd30cbdd 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml index f34ee4c55..d47128089 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml index b1f07f19f..33b5d63de 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "clusterexternalsecrets.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml index bc7b878ed..81f1af7fe 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml index 255268ba1..b2f12dd3f 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml index 2c28e75a5..429014458 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" labels: external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml index 8a8e00b60..bb707640e 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml @@ -100,6 +100,9 @@ spec: x-kubernetes-preserve-unknown-fields: true health: type: "string" + healthExpr: + description: "healthExpr allows defining a cel expression to evaluate the health of a component\nbased on the summary." + type: "string" hidden: description: "If set to true, do not display in UI" type: "boolean" @@ -355,7 +358,7 @@ spec: type: "object" type: "array" statusExpr: - description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary and the related config" + description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary." type: "string" summary: description: "Summary is the health, incidents, insights & check summary" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml index 5c2ee8762..6df5cb144 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml @@ -144,6 +144,9 @@ spec: x-kubernetes-preserve-unknown-fields: true health: type: "string" + healthExpr: + description: "healthExpr allows defining a cel expression to evaluate the health of a component\nbased on the summary." + type: "string" hidden: description: "If set to true, do not display in UI" type: "boolean" @@ -399,7 +402,7 @@ spec: type: "object" type: "array" statusExpr: - description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary and the related config" + description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary." type: "string" summary: description: "Summary is the health, incidents, insights & check summary" @@ -534,6 +537,9 @@ spec: required: - "tag" type: "object" + healthExpr: + description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary." + type: "string" icon: type: "string" id: @@ -1066,7 +1072,7 @@ spec: schedule: type: "string" statusExpr: - description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary and the related config" + description: "statusExpr allows defining a cel expression to evaluate the status of a component\nbased on the summary." type: "string" text: type: "string" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml index 224bc414d..5c2481da2 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml @@ -79,6 +79,43 @@ spec: description: "Tag name associated to all records comming from this plugin." type: "string" type: "object" + execWasi: + description: "ExecWasi defines the exec wasi input plugin configuration" + properties: + accessiblePaths: + description: "Specify the whitelist of paths to be able to access paths from WASM programs." + items: + type: "string" + type: "array" + bufSize: + description: "Size of the buffer (check unit sizes for allowed values)" + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + intervalNSec: + description: "Polling interval (nanoseconds)." + format: "int64" + type: "integer" + intervalSec: + description: "Polling interval (seconds)." + format: "int32" + type: "integer" + parser: + description: "Specify the name of a parser to interpret the entry as a structured message." + type: "string" + threaded: + description: "Indicates whether to run this input in its own thread. Default: false." + type: "boolean" + wasiPath: + description: "The place of a WASM program file." + type: "string" + wasmHeapSize: + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + wasmStackSize: + description: "Size of the stack size of Wasm execution. Review unit sizes for allowed values." + pattern: "^\\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$" + type: "string" + type: "object" fluentBitMetrics: description: "FluentBitMetrics defines Fluent Bit Metrics Input configuration." properties: diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml index becb8f524..bf48217aa 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml @@ -270,6 +270,47 @@ spec: url: description: "dashboard url" type: "string" + urlAuthorization: + description: "authorization options for dashboard from url" + properties: + basicAuth: + properties: + password: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "object" required: - "instanceSelector" type: "object" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml index ac8999200..6c21d962e 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml @@ -7,6 +7,8 @@ metadata: spec: group: "grafana.integreatly.org" names: + categories: + - "grafana-operator" kind: "GrafanaDatasource" listKind: "GrafanaDatasourceList" plural: "grafanadatasources" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml index 7450d8bc6..69758027a 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml @@ -7,6 +7,8 @@ metadata: spec: group: "grafana.integreatly.org" names: + categories: + - "grafana-operator" kind: "GrafanaFolder" listKind: "GrafanaFolderList" plural: "grafanafolders" diff --git a/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml b/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml index 26caf9a78..224e3a463 100644 --- a/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml +++ b/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml @@ -65,6 +65,9 @@ spec: images: description: "Images defines the image for each container." properties: + jaegerQuery: + description: "JaegerQuery defines the tempo-query container image." + type: "string" oauthProxy: description: "OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant." type: "string" @@ -1003,6 +1006,47 @@ spec: servicesQueryDuration: description: "ServicesQueryDuration defines how long the services will be available in the services list" type: "string" + tempoQuery: + description: "TempoQuery defines options specific to the Tempoo Query component." + properties: + resources: + description: "Resources defines resources for this component, this will override the calculated resources derived from total" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml index 664d76bec..4b5993a1a 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "infinispans.infinispan.org" spec: group: "infinispan.org" @@ -19,10 +19,10 @@ spec: description: "Infinispan is the Schema for the infinispans API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -36,9 +36,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -46,16 +46,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -67,16 +67,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -97,26 +97,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -128,16 +128,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -158,7 +158,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -171,16 +171,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -192,26 +192,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -223,23 +223,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -248,9 +248,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -258,16 +258,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -279,26 +279,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -310,17 +310,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -331,7 +331,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -344,16 +344,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -365,26 +365,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -396,23 +396,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -421,9 +421,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -431,16 +431,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -452,26 +452,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -483,17 +483,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -678,9 +678,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -688,16 +688,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -709,16 +709,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -739,26 +739,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -770,16 +770,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -800,7 +800,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -813,16 +813,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -834,26 +834,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -865,23 +865,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -890,9 +890,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -900,16 +900,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -921,26 +921,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -952,17 +952,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -973,7 +973,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -986,16 +986,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1007,26 +1007,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1038,23 +1038,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -1063,9 +1063,9 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: description: "A label query over a set of resources, in this case pods." @@ -1073,16 +1073,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1094,26 +1094,26 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1125,17 +1125,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -1145,23 +1145,23 @@ spec: type: "object" tolerations: items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -1170,21 +1170,21 @@ spec: description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: labelSelector: - description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -1196,23 +1196,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." format: "int32" type: "integer" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes match the node selector.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." type: "string" whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." type: "string" required: - "maxSkew" @@ -1291,7 +1291,7 @@ spec: description: "Enable/disable container ephemeral storage" type: "boolean" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails." + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails." properties: failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded." @@ -1315,7 +1315,7 @@ spec: type: "integer" type: "object" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails." + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails." properties: failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded." @@ -1339,7 +1339,7 @@ spec: type: "integer" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation." + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation." properties: failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded." diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/backups.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/backups.yaml index 27c6d709d..b6339870b 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/backups.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/backups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "backups.infinispan.org" spec: group: "infinispan.org" @@ -19,10 +19,10 @@ spec: description: "Backup is the Schema for the backups API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/batches.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/batches.yaml index 7fe3467ce..0237d2d40 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/batches.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/batches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "batches.infinispan.org" spec: group: "infinispan.org" @@ -19,10 +19,10 @@ spec: description: "Batch is the Schema for the batches API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/caches.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/caches.yaml index d44fae509..b41f970fa 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/caches.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/caches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "caches.infinispan.org" spec: group: "infinispan.org" @@ -19,10 +19,10 @@ spec: description: "Cache is the Schema for the caches API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -39,7 +39,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -58,7 +58,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/restores.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/restores.yaml index 5d8d9be4b..e15453175 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/restores.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v2alpha1/restores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.9.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "restores.infinispan.org" spec: group: "infinispan.org" @@ -19,10 +19,10 @@ spec: description: "Restore is the Schema for the restores API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml index d9b374fda..e655b34c5 100644 --- a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml +++ b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml @@ -36,29 +36,6 @@ spec: - "annotation" type: "object" type: "array" - api: - properties: - namespaces: - description: "Settings that control what namespaces are returned by Kiali." - properties: - exclude: - description: "A list of namespaces to be excluded from the list of namespaces provided by the Kiali API and Kiali UI. Regex is supported. This does not affect explicit namespace access." - items: - type: "string" - type: "array" - include: - description: "A list of namespaces to be included in the list of namespaces provided by the Kiali API and Kiali UI (if those namespaces exist). Regex is supported. An undefined or empty list is ignored. This does not affect explicit namespace access." - items: - type: "string" - type: "array" - label_selector_exclude: - description: "A Kubernetes label selector (e.g. `myLabel=myValue`) which is used for filtering out namespaces\nwhen fetching the list of available namespaces. This does not affect explicit namespace access.\n" - type: "string" - label_selector_include: - description: "A Kubernetes label selector (e.g. `myLabel=myValue`) which is used when fetching the list of\navailable namespaces. This does not affect explicit namespace access.\n\nIf `deployment.accessible_namespaces` does not have the special value of `'**'`\nthen the Kiali operator will add a new label to all accessible namespaces - that new\nlabel will be this `label_selector_include` (this label is added regardless if the namespace matches the label_selector_exclude also).\n\nNote that if you do not set this `label_selector_include` setting but `deployment.accessible_namespaces`\ndoes not have the special \"all namespaces\" entry of `'**'` then this `label_selector_include` will be set\nto a default value of `kiali.io/[.]member-of=`\nwhere `[.]` is the instance name assigned to the Kiali installation\nif it is not the default 'kiali' (otherwise, this is omitted) and ``\nis the namespace where Kiali is to be installed.\n" - type: "string" - type: "object" - type: "object" auth: properties: openid: @@ -173,11 +150,6 @@ spec: type: "array" deployment: properties: - accessible_namespaces: - description: "When `cluster_wide_access=false` this must be set to the list of namespaces to which Kiali is to be given permissions. You can provide names using regex expressions matched against all namespaces the operator can see. If left unset it is required that `cluster_wide_access` be `true`, and Kiali will have permissions to all namespaces. The list of namespaces that a user can access is a subset of these namespaces, given that user's RBAC settings." - items: - type: "string" - type: "array" additional_service_yaml: description: "Additional custom yaml to add to the service definition. This is used mainly to customize the service type. For example, if the `deployment.service_type` is set to 'LoadBalancer' and you want to set the loadBalancerIP, you can do so here with: `additional_service_yaml: { 'loadBalancerIP': '78.11.24.19' }`. Another example would be if the `deployment.service_type` is set to 'ExternalName' you will need to configure the name via: `additional_service_yaml: { 'externalName': 'my.kiali.example.com' }`. A final example would be if external IPs need to be set: `additional_service_yaml: { 'externalIPs': ['80.11.12.10'] }`" type: "object" @@ -196,7 +168,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" cluster_wide_access: - description: "Determines if the Kiali server will be granted cluster-wide permissions to see all namespaces. When true, this provides more efficient caching within the Kiali server. It must be `true` if `deployment.accessible_namespaces` is left unset. To limit the namespaces for which Kiali has permissions, set to `false` and list the desired namespaces in `deployment.accessible_namespaces`. When not set, this value will default to `false` if `deployment.accessible_namespaces` is set to a list of namespaces; otherwise this will be `true`." + description: "Determines if the Kiali server will be granted cluster-wide permissions to see all namespaces. When true, this provides more efficient caching within the Kiali server. It must be `true` if `deployment.discovery_selectors.default` is left unset. To limit the namespaces for which Kiali has permissions, set to `false` and define the desired selectors in `deployment.discovery_selectors.default`. When not set, this value will default to `true`." type: "boolean" configmap_annotations: description: "Custom annotations to be created on the Kiali ConfigMap." @@ -224,6 +196,84 @@ spec: - "mount" type: "object" type: "array" + discovery_selectors: + description: "Discovery selectors used to determine which namespaces are accessible to Kiali and which namespaces are visible to Kiali users.\nYou can define discovery selectors to match namespaces on the local cluster as well as remote clusters.\nThe list of namespaces that a user can access is a subset of these namespaces, given that user's RBAC permissions.\nThese selectors will have similar semantics as defined by Istio ( https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig )\nand the syntax of the equality-based and set-based label selectors are documented by Kubernetes here\n( https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements )\n" + properties: + default: + description: "These are label selectors for the Kiali local cluster and for all remote clusters that do not have overrides.\nNamespaces that match these selectors are visible to Kiali users.\nWhen `cluster_wide_access=false` these `default` selectors are used to restrict which namespaces Kiali will have access to.\nIf there are no default discovery selectors, then `cluster_wide_access` should be `true` in which case Kiali will have\npermissions to access all namespaces.\n" + items: + anyOf: + - required: + - "matchLabels" + - required: + - "matchExpressions" + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + type: "array" + overrides: + additionalProperties: + items: + anyOf: + - required: + - "matchLabels" + - required: + - "matchExpressions" + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + type: "array" + description: "If a remote cluster has different namespaces than the local cluster, these overrides provide a way for you to match those remote namespaces. Kiali will make these remote namespaces visible to users. The name of the overrides section is the name of the remote cluster. Note that the `default` selectors are ignored when matching namespaces on a remote cluster if that remote cluster has overrides defined." + type: "object" + type: "object" dns: description: "The Kiali server pod's DNS configuration. Kubernetes supports different DNS policies and configurations.\nFor further details, consult the Kubernetes documentation - https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/\n" properties: diff --git a/crd-catalog/koordinator-sh/koordinator/scheduling.koordinator.sh/v1alpha1/reservations.yaml b/crd-catalog/koordinator-sh/koordinator/scheduling.koordinator.sh/v1alpha1/reservations.yaml index 068c7e272..818cbbd0b 100644 --- a/crd-catalog/koordinator-sh/koordinator/scheduling.koordinator.sh/v1alpha1/reservations.yaml +++ b/crd-catalog/koordinator-sh/koordinator/scheduling.koordinator.sh/v1alpha1/reservations.yaml @@ -157,6 +157,29 @@ spec: preAllocation: description: "By default, the resources requirements of reservation (specified in `template.spec`) is filtered by whether the\nnode has sufficient free resources (i.e. Reservation Request < Node Free).\nWhen `preAllocation` is set, the scheduler will skip this validation and allow overcommitment. The scheduled\nreservation would be waiting to be available until free resources are sufficient." type: "boolean" + taints: + description: "Specifies the reservation's taints. This can be toleranted by the reservation tolerance.\nEviction is not supported for NoExecute taints" + items: + description: "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint." + properties: + effect: + description: "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Required. The taint key to be applied to a node." + type: "string" + timeAdded: + description: "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints." + format: "date-time" + type: "string" + value: + description: "The taint value corresponding to the taint key." + type: "string" + required: + - "effect" + - "key" + type: "object" + type: "array" template: description: "Template defines the scheduling requirements (resources, affinities, images, ...) processed by the scheduler just\nlike a normal pod.\nIf the `template.spec.nodeName` is specified, the scheduler will not choose another node but reserve resources on\nthe specified node." x-kubernetes-preserve-unknown-fields: true diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml index a512d93d8..f8bd6d331 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml @@ -92,13 +92,47 @@ spec: rule: "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - message: "Hostname values must be unique" rule: "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + backendTLS: + description: "BackendTLS configures TLS settings for when this Gateway is connecting to\nbackends with TLS.\n\n\nSupport: Core\n\n\n" + properties: + clientCertificateRef: + description: "ClientCertificateRef is a reference to an object that contains a Client\nCertificate and the associated private key.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nClientCertificateRef can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nThis setting can be overridden on the service level by use of BackendTLSPolicy.\n\n\nSupport: Core\n\n\n" + properties: + group: + default: "" + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Secret" + description: "Kind is kind of the referent. For example \"Secret\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "name" + type: "object" + type: "object" gatewayClassName: description: "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." maxLength: 253 minLength: 1 type: "string" infrastructure: - description: "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Core\n\n\n" + description: "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Extended" properties: annotations: additionalProperties: @@ -109,15 +143,26 @@ spec: description: "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + x-kubernetes-validations: + - message: "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters." + rule: "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + - message: "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total." + rule: "self.all(key, key.split(\"/\")[0].size() < 253)" labels: additionalProperties: - description: "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct." - maxLength: 4096 + description: "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\nValid values include:\n\n\n* MyValue\n* my.name\n* 123-my-value" + maxLength: 63 minLength: 0 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: "string" - description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + x-kubernetes-validations: + - message: "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters." + rule: "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + - message: "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total." + rule: "self.all(key, key.split(\"/\")[0].size() < 253)" parametersRef: description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml index 264c59ca2..b8db28b8e 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml @@ -1043,6 +1043,25 @@ spec: minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + retry: + description: "Retry defines the configuration for when to retry an HTTP request.\n\n\nSupport: Extended\n\n\n" + properties: + attempts: + description: "Attempts specifies the maxmimum number of times an individual request\nfrom the gateway to a backend should be retried.\n\n\nIf the maximum number of retries has been attempted without a successful\nresponse from the backend, the Gateway MUST return an error.\n\n\nWhen this field is unspecified, the number of times to attempt to retry\na backend request is implementation-specific.\n\n\nSupport: Extended" + type: "integer" + backoff: + description: "Backoff specifies the minimum duration a Gateway should wait between\nretry attempts and is represented in Gateway API Duration formatting.\n\n\nFor example, setting the `rules[].retry.backoff` field to the value\n`100ms` will cause a backend request to first be retried approximately\n100 milliseconds after timing out or receiving a response code configured\nto be retryable.\n\n\nAn implementation MAY use an exponential or alternative backoff strategy\nfor subsequent retry attempts, MAY cap the maximum backoff duration to\nsome amount greater than the specified minimum, and MAY add arbitrary\njitter to stagger requests, as long as unsuccessful backend requests are\nnot retried before the configured minimum duration.\n\n\nIf a Request timeout (`rules[].timeouts.request`) is configured on the\nroute, the entire duration of the initial request and any retry attempts\nMUST not exceed the Request timeout duration. If any retry attempts are\nstill in progress when the Request timeout duration has been reached,\nthese SHOULD be canceled if possible and the Gateway MUST immediately\nreturn a timeout error.\n\n\nIf a BackendRequest timeout (`rules[].timeouts.backendRequest`) is\nconfigured on the route, any retry attempts which reach the configured\nBackendRequest timeout duration without a response SHOULD be canceled if\npossible and the Gateway should wait for at least the specified backoff\nduration before attempting to retry the backend request again.\n\n\nIf a BackendRequest timeout is _not_ configured on the route, retry\nattempts MAY time out after an implementation default duration, or MAY\nremain pending until a configured Request timeout or implementation\ndefault duration for total request time is reached.\n\n\nWhen this field is unspecified, the time to wait between retry attempts\nis implementation-specific.\n\n\nSupport: Extended" + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + codes: + description: "Codes defines the HTTP response status codes for which a backend request\nshould be retried.\n\n\nSupport: Extended" + items: + description: "HTTPRouteRetryStatusCode defines an HTTP response status code for\nwhich a backend request should be retried.\n\n\nImplementations MUST support the following status codes as retryable:\n\n\n* 500\n* 502\n* 503\n* 504\n\n\nImplementations MAY support specifying additional discrete values in the\n500-599 range.\n\n\nImplementations MAY support specifying discrete values in the 400-499 range,\nwhich are often inadvisable to retry.\n\n\n" + maximum: 599.0 + minimum: 400.0 + type: "integer" + type: "array" + type: "object" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml index 3d7e1832c..abc2ee36f 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml @@ -92,13 +92,47 @@ spec: rule: "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - message: "Hostname values must be unique" rule: "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + backendTLS: + description: "BackendTLS configures TLS settings for when this Gateway is connecting to\nbackends with TLS.\n\n\nSupport: Core\n\n\n" + properties: + clientCertificateRef: + description: "ClientCertificateRef is a reference to an object that contains a Client\nCertificate and the associated private key.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nClientCertificateRef can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nThis setting can be overridden on the service level by use of BackendTLSPolicy.\n\n\nSupport: Core\n\n\n" + properties: + group: + default: "" + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Secret" + description: "Kind is kind of the referent. For example \"Secret\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "name" + type: "object" + type: "object" gatewayClassName: description: "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." maxLength: 253 minLength: 1 type: "string" infrastructure: - description: "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Core\n\n\n" + description: "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Extended" properties: annotations: additionalProperties: @@ -109,15 +143,26 @@ spec: description: "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + x-kubernetes-validations: + - message: "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters." + rule: "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + - message: "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total." + rule: "self.all(key, key.split(\"/\")[0].size() < 253)" labels: additionalProperties: - description: "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct." - maxLength: 4096 + description: "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\nValid values include:\n\n\n* MyValue\n* my.name\n* 123-my-value" + maxLength: 63 minLength: 0 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: "string" - description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + x-kubernetes-validations: + - message: "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters." + rule: "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + - message: "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total." + rule: "self.all(key, key.split(\"/\")[0].size() < 253)" parametersRef: description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" properties: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml index cfb0ac4ee..feb7874b7 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml @@ -1043,6 +1043,25 @@ spec: minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + retry: + description: "Retry defines the configuration for when to retry an HTTP request.\n\n\nSupport: Extended\n\n\n" + properties: + attempts: + description: "Attempts specifies the maxmimum number of times an individual request\nfrom the gateway to a backend should be retried.\n\n\nIf the maximum number of retries has been attempted without a successful\nresponse from the backend, the Gateway MUST return an error.\n\n\nWhen this field is unspecified, the number of times to attempt to retry\na backend request is implementation-specific.\n\n\nSupport: Extended" + type: "integer" + backoff: + description: "Backoff specifies the minimum duration a Gateway should wait between\nretry attempts and is represented in Gateway API Duration formatting.\n\n\nFor example, setting the `rules[].retry.backoff` field to the value\n`100ms` will cause a backend request to first be retried approximately\n100 milliseconds after timing out or receiving a response code configured\nto be retryable.\n\n\nAn implementation MAY use an exponential or alternative backoff strategy\nfor subsequent retry attempts, MAY cap the maximum backoff duration to\nsome amount greater than the specified minimum, and MAY add arbitrary\njitter to stagger requests, as long as unsuccessful backend requests are\nnot retried before the configured minimum duration.\n\n\nIf a Request timeout (`rules[].timeouts.request`) is configured on the\nroute, the entire duration of the initial request and any retry attempts\nMUST not exceed the Request timeout duration. If any retry attempts are\nstill in progress when the Request timeout duration has been reached,\nthese SHOULD be canceled if possible and the Gateway MUST immediately\nreturn a timeout error.\n\n\nIf a BackendRequest timeout (`rules[].timeouts.backendRequest`) is\nconfigured on the route, any retry attempts which reach the configured\nBackendRequest timeout duration without a response SHOULD be canceled if\npossible and the Gateway should wait for at least the specified backoff\nduration before attempting to retry the backend request again.\n\n\nIf a BackendRequest timeout is _not_ configured on the route, retry\nattempts MAY time out after an implementation default duration, or MAY\nremain pending until a configured Request timeout or implementation\ndefault duration for total request time is reached.\n\n\nWhen this field is unspecified, the time to wait between retry attempts\nis implementation-specific.\n\n\nSupport: Extended" + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + codes: + description: "Codes defines the HTTP response status codes for which a backend request\nshould be retried.\n\n\nSupport: Extended" + items: + description: "HTTPRouteRetryStatusCode defines an HTTP response status code for\nwhich a backend request should be retried.\n\n\nImplementations MUST support the following status codes as retryable:\n\n\n* 500\n* 502\n* 503\n* 504\n\n\nImplementations MAY support specifying additional discrete values in the\n500-599 range.\n\n\nImplementations MAY support specifying discrete values in the 400-499 range,\nwhich are often inadvisable to retry.\n\n\n" + maximum: 599.0 + minimum: 400.0 + type: "integer" + type: "array" + type: "object" sessionPersistence: description: "SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" properties: diff --git a/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml b/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml index d64cae298..89b813f4f 100644 --- a/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml +++ b/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "jobsets.jobset.x-k8s.io" spec: group: "jobset.x-k8s.io" @@ -107,7 +107,7 @@ spec: - message: "Value is immutable" rule: "self == oldSelf" managedBy: - description: "ManagedBy is used to indicate the controller or entity that manages a JobSet.\nThe built-in JobSet controller reconciles JobSets which don't have this\nfield at all or the field value is the reserved string\n`jobset.sigs.k8s.io/jobset-controller`, but skips reconciling JobSets\nwith a custom value for this field.\n\n\nThe value must be a valid domain-prefixed path (e.g. acme.io/foo) -\nall characters before the first \"/\" must be a valid subdomain as defined\nby RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path\ncharacters as defined by RFC 3986. The value cannot exceed 63 characters.\nThe field is immutable." + description: "ManagedBy is used to indicate the controller or entity that manages a JobSet.\nThe built-in JobSet controller reconciles JobSets which don't have this\nfield at all or the field value is the reserved string\n`jobset.sigs.k8s.io/jobset-controller`, but skips reconciling JobSets\nwith a custom value for this field.\n\nThe value must be a valid domain-prefixed path (e.g. acme.io/foo) -\nall characters before the first \"/\" must be a valid subdomain as defined\nby RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path\ncharacters as defined by RFC 3986. The value cannot exceed 63 characters.\nThe field is immutable." type: "string" network: description: "Network defines the networking options for the jobset." @@ -176,14 +176,14 @@ spec: format: "int32" type: "integer" completionMode: - description: "completionMode specifies how Pod completions are tracked. It can be\n`NonIndexed` (default) or `Indexed`.\n\n\n`NonIndexed` means that the Job is considered complete when there have\nbeen .spec.completions successfully completed Pods. Each Pod completion is\nhomologous to each other.\n\n\n`Indexed` means that the Pods of a\nJob get an associated completion index from 0 to (.spec.completions - 1),\navailable in the annotation batch.kubernetes.io/job-completion-index.\nThe Job is considered complete when there is one successfully completed Pod\nfor each index.\nWhen value is `Indexed`, .spec.completions must be specified and\n`.spec.parallelism` must be less than or equal to 10^5.\nIn addition, The Pod name takes the form\n`$(job-name)-$(index)-$(random-string)`,\nthe Pod hostname takes the form `$(job-name)-$(index)`.\n\n\nMore completion modes can be added in the future.\nIf the Job controller observes a mode that it doesn't recognize, which\nis possible during upgrades due to version skew, the controller\nskips updates for the Job." + description: "completionMode specifies how Pod completions are tracked. It can be\n`NonIndexed` (default) or `Indexed`.\n\n`NonIndexed` means that the Job is considered complete when there have\nbeen .spec.completions successfully completed Pods. Each Pod completion is\nhomologous to each other.\n\n`Indexed` means that the Pods of a\nJob get an associated completion index from 0 to (.spec.completions - 1),\navailable in the annotation batch.kubernetes.io/job-completion-index.\nThe Job is considered complete when there is one successfully completed Pod\nfor each index.\nWhen value is `Indexed`, .spec.completions must be specified and\n`.spec.parallelism` must be less than or equal to 10^5.\nIn addition, The Pod name takes the form\n`$(job-name)-$(index)-$(random-string)`,\nthe Pod hostname takes the form `$(job-name)-$(index)`.\n\nMore completion modes can be added in the future.\nIf the Job controller observes a mode that it doesn't recognize, which\nis possible during upgrades due to version skew, the controller\nskips updates for the Job." type: "string" completions: description: "Specifies the desired number of successfully finished pods the\njob should be run with. Setting to null means that the success of any\npod signals the success of all pods, and allows parallelism to have any positive\nvalue. Setting to 1 means that parallelism is limited to 1 and the success of that\npod signals the success of the job.\nMore info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/" format: "int32" type: "integer" managedBy: - description: "ManagedBy field indicates the controller that manages a Job. The k8s Job\ncontroller reconciles jobs which don't have this field at all or the field\nvalue is the reserved string `kubernetes.io/job-controller`, but skips\nreconciling Jobs with a custom value for this field.\nThe value must be a valid domain-prefixed path (e.g. acme.io/foo) -\nall characters before the first \"/\" must be a valid subdomain as defined\nby RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path\ncharacters as defined by RFC 3986. The value cannot exceed 64 characters.\n\n\nThis field is alpha-level. The job controller accepts setting the field\nwhen the feature gate JobManagedBy is enabled (disabled by default)." + description: "ManagedBy field indicates the controller that manages a Job. The k8s Job\ncontroller reconciles jobs which don't have this field at all or the field\nvalue is the reserved string `kubernetes.io/job-controller`, but skips\nreconciling Jobs with a custom value for this field.\nThe value must be a valid domain-prefixed path (e.g. acme.io/foo) -\nall characters before the first \"/\" must be a valid subdomain as defined\nby RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path\ncharacters as defined by RFC 3986. The value cannot exceed 63 characters.\nThis field is immutable.\n\nThis field is alpha-level. The job controller accepts setting the field\nwhen the feature gate JobManagedBy is enabled (disabled by default)." type: "string" manualSelector: description: "manualSelector controls generation of pod labels and pod selectors.\nLeave `manualSelector` unset unless you are certain what you are doing.\nWhen false or unset, the system pick labels unique to this job\nand appends those labels to the pod template. When true,\nthe user is responsible for picking unique labels and specifying\nthe selector. Failure to pick a unique label may cause this\nand other jobs to not function correctly. However, You may see\n`manualSelector=true` in jobs that were created with the old `extensions/v1beta1`\nAPI.\nMore info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector" @@ -197,7 +197,7 @@ spec: format: "int32" type: "integer" podFailurePolicy: - description: "Specifies the policy of handling failed pods. In particular, it allows to\nspecify the set of actions and conditions which need to be\nsatisfied to take the associated action.\nIf empty, the default behaviour applies - the counter of failed pods,\nrepresented by the jobs's .status.failed field, is incremented and it is\nchecked against the backoffLimit. This field cannot be used in combination\nwith restartPolicy=OnFailure.\n\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy`\nfeature gate is enabled (enabled by default)." + description: "Specifies the policy of handling failed pods. In particular, it allows to\nspecify the set of actions and conditions which need to be\nsatisfied to take the associated action.\nIf empty, the default behaviour applies - the counter of failed pods,\nrepresented by the jobs's .status.failed field, is incremented and it is\nchecked against the backoffLimit. This field cannot be used in combination\nwith restartPolicy=OnFailure." properties: rules: description: "A list of pod failure policy rules. The rules are evaluated in order.\nOnce a rule matches a Pod failure, the remaining of the rules are ignored.\nWhen no rule matches the Pod failure, the default handling applies - the\ncounter of pod failures is incremented and it is checked against\nthe backoffLimit. At most 20 elements are allowed." @@ -205,7 +205,7 @@ spec: description: "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met.\nOne of onExitCodes and onPodConditions, but not both, can be used in each rule." properties: action: - description: "Specifies the action taken on a pod failure when the requirements are satisfied.\nPossible values are:\n\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- FailIndex: indicates that the pod's index is marked as Failed and will\n not be restarted.\n This value is beta-level. It can be used when the\n `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should\nreact to an unknown action by skipping the rule." + description: "Specifies the action taken on a pod failure when the requirements are satisfied.\nPossible values are:\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- FailIndex: indicates that the pod's index is marked as Failed and will\n not be restarted.\n This value is beta-level. It can be used when the\n `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should\nreact to an unknown action by skipping the rule." type: "string" onExitCodes: description: "Represents the requirement on the container exit codes." @@ -214,7 +214,7 @@ spec: description: "Restricts the check for exit codes to the container with the\nspecified name. When null, the rule applies to all containers.\nWhen specified, it should match one the container or initContainer\nnames in the pod template." type: "string" operator: - description: "Represents the relationship between the container exit code(s) and the\nspecified values. Containers completed with success (exit code 0) are\nexcluded from the requirement check. Possible values are:\n\n\n- In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should\nreact to an unknown operator by assuming the requirement is not satisfied." + description: "Represents the relationship between the container exit code(s) and the\nspecified values. Containers completed with success (exit code 0) are\nexcluded from the requirement check. Possible values are:\n\n- In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should\nreact to an unknown operator by assuming the requirement is not satisfied." type: "string" values: description: "Specifies the set of values. Each returned container exit code (might be\nmultiple in case of multiple containers) is checked against this set of\nvalues with respect to the operator. The list of values must be ordered\nand must not contain duplicates. Value '0' cannot be used for the In operator.\nAt least one element is required. At most 255 elements are allowed." @@ -253,7 +253,7 @@ spec: - "rules" type: "object" podReplacementPolicy: - description: "podReplacementPolicy specifies when to create replacement Pods.\nPossible values are:\n- TerminatingOrFailed means that we recreate pods\n when they are terminating (has a metadata.deletionTimestamp) or failed.\n- Failed means to wait until a previously created Pod is fully terminated (has phase\n Failed or Succeeded) before creating a replacement Pod.\n\n\nWhen using podFailurePolicy, Failed is the the only allowed value.\nTerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.\nThis is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle.\nThis is on by default." + description: "podReplacementPolicy specifies when to create replacement Pods.\nPossible values are:\n- TerminatingOrFailed means that we recreate pods\n when they are terminating (has a metadata.deletionTimestamp) or failed.\n- Failed means to wait until a previously created Pod is fully terminated (has phase\n Failed or Succeeded) before creating a replacement Pod.\n\nWhen using podFailurePolicy, Failed is the the only allowed value.\nTerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.\nThis is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle.\nThis is on by default." type: "string" selector: description: "A label query over pods that should match the pod count.\nNormally, the system sets this field for you.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors" @@ -289,7 +289,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" successPolicy: - description: "successPolicy specifies the policy when the Job can be declared as succeeded.\nIf empty, the default behavior applies - the Job is declared as succeeded\nonly when the number of succeeded pods equals to the completions.\nWhen the field is specified, it must be immutable and works only for the Indexed Jobs.\nOnce the Job meets the SuccessPolicy, the lingering pods are terminated.\n\n\nThis field is alpha-level. To use this field, you must enable the\n`JobSuccessPolicy` feature gate (disabled by default)." + description: "successPolicy specifies the policy when the Job can be declared as succeeded.\nIf empty, the default behavior applies - the Job is declared as succeeded\nonly when the number of succeeded pods equals to the completions.\nWhen the field is specified, it must be immutable and works only for the Indexed Jobs.\nOnce the Job meets the SuccessPolicy, the lingering pods are terminated.\n\nThis field is beta-level. To use this field, you must enable the\n`JobSuccessPolicy` feature gate (enabled by default)." properties: rules: description: "rules represents the list of alternative rules for the declaring the Jobs\nas successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met,\nthe \"SucceededCriteriaMet\" condition is added, and the lingering pods are removed.\nThe terminal state for such a Job has the \"Complete\" condition.\nAdditionally, these rules are evaluated in order; Once the Job meets one of the rules,\nother rules are ignored. At most 20 elements are allowed." @@ -522,13 +522,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -627,13 +627,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -731,13 +731,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -836,13 +836,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -938,7 +938,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -988,7 +988,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1015,7 +1015,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1030,7 +1030,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1229,7 +1229,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1367,7 +1368,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1467,13 +1469,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1543,7 +1548,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1582,7 +1587,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1629,7 +1634,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1760,7 +1766,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1824,7 +1830,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1860,7 +1866,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1910,7 +1916,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1937,7 +1943,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1952,7 +1958,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2151,7 +2157,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2289,7 +2296,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2389,13 +2397,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2465,7 +2476,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2504,7 +2515,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2551,7 +2562,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2637,7 +2649,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." @@ -2685,7 +2697,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2754,7 +2766,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2801,7 +2813,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2851,7 +2863,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2878,7 +2890,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2893,7 +2905,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -3092,7 +3104,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3230,7 +3243,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3330,13 +3344,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3406,7 +3423,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3445,7 +3462,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3492,7 +3509,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3623,7 +3641,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3650,7 +3668,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: @@ -3659,7 +3677,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" @@ -3700,23 +3718,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" @@ -3734,7 +3748,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: @@ -3764,7 +3778,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -3804,18 +3818,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -3932,7 +3949,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3942,14 +3959,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3976,7 +3993,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -4004,12 +4021,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -4055,7 +4074,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4079,7 +4098,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4119,7 +4138,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4140,7 +4159,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4228,10 +4247,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -4357,7 +4376,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4374,7 +4393,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -4418,7 +4437,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4439,7 +4458,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -4486,7 +4505,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -4497,6 +4516,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -4507,7 +4536,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4516,6 +4545,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -4536,7 +4566,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4614,12 +4644,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4695,7 +4725,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4782,7 +4812,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4838,12 +4868,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4853,6 +4884,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -4863,11 +4895,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4878,6 +4911,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -4894,7 +4928,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4902,6 +4936,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -4967,7 +5002,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5073,7 +5108,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -5102,7 +5137,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml index e2a4dee1c..4a9e0c771 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml @@ -39,6 +39,10 @@ spec: properties: containerImage: type: "string" + imagePullPolicy: + default: "IfNotPresent" + description: "PullPolicy describes a policy for if/when to pull a container image" + type: "string" inTreeModuleToRemove: type: "string" inTreeModulesToRemove: @@ -107,6 +111,7 @@ spec: type: "object" required: - "containerImage" + - "imagePullPolicy" - "insecurePull" - "kernelVersion" - "modprobe" @@ -145,6 +150,10 @@ spec: properties: containerImage: type: "string" + imagePullPolicy: + default: "IfNotPresent" + description: "PullPolicy describes a policy for if/when to pull a container image" + type: "string" inTreeModuleToRemove: type: "string" inTreeModulesToRemove: @@ -213,6 +222,7 @@ spec: type: "object" required: - "containerImage" + - "imagePullPolicy" - "insecurePull" - "kernelVersion" - "modprobe" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml index c8e77aee3..2a6de112d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/circuitbreakers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "circuitbreakers.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml index bb71e6bdb..6a128f0a9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/containerpatches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "containerpatches.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml index 647fd90eb..f844a78f9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplaneinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "dataplaneinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml index d1308ed05..b81d69cf9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "dataplanes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml index c6adbce24..4a96e224d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/externalservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "externalservices.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml index dfd6b7599..9aad4a26c 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/faultinjections.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "faultinjections.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml index 09f689b1d..4d8b0e986 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/healthchecks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "healthchecks.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml index 3bb242ceb..68567fb06 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshaccesslogs.kuma.io" spec: group: "kuma.io" @@ -462,8 +462,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml index 8cb77b219..6e8aa4358 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshcircuitbreakers.kuma.io" spec: group: "kuma.io" @@ -414,8 +414,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml index 345fbcfe2..a2a4e281d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml index 21d956a9f..8a67f6511 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshfaultinjections.kuma.io" spec: group: "kuma.io" @@ -314,8 +314,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml index 1f0f904e5..63aa1c918 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshgatewayconfigs.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml index b5828dcf2..cb9a6a9d5 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayinstances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshgatewayinstances.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml index 08b8e645b..379e25bf0 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgatewayroutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshgatewayroutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml index a4c52580e..8000ddcf0 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshgateways.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml index 597b3adf5..695348fcf 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshhealthchecks.kuma.io" spec: group: "kuma.io" @@ -279,8 +279,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml index b587b8ae9..999e8507e 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshhttproutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml index 3359d00b3..b79d39d61 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml index 8b93f250c..b03696a45 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshloadbalancingstrategies.kuma.io" spec: group: "kuma.io" @@ -421,8 +421,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml index 4559efc49..86cd9ed76 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshproxypatches.kuma.io" spec: group: "kuma.io" @@ -399,7 +399,6 @@ spec: type: "object" required: - "default" - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml index f3be38da5..033c84ac3 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshratelimits.kuma.io" spec: group: "kuma.io" @@ -394,8 +394,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml index 4d07d21b8..0a85e2406 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshretries.kuma.io" spec: group: "kuma.io" @@ -380,8 +380,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml index ce0681321..aee6442a4 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshtcproutes.kuma.io" spec: group: "kuma.io" @@ -213,8 +213,6 @@ spec: type: "object" minItems: 1 type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml index 764213d1e..17d343e75 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshtimeouts.kuma.io" spec: group: "kuma.io" @@ -252,8 +252,6 @@ spec: - "targetRef" type: "object" type: "array" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml index b6f5b28d6..272721128 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshtraces.kuma.io" spec: group: "kuma.io" @@ -204,8 +204,6 @@ spec: description: "Tags used to select a subset of proxies by tags. Can only be used with kinds\n`MeshSubset` and `MeshServiceSubset`" type: "object" type: "object" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml index f469134a0..573ae2267 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "meshtrafficpermissions.kuma.io" spec: group: "kuma.io" @@ -150,8 +150,6 @@ spec: description: "Tags used to select a subset of proxies by tags. Can only be used with kinds\n`MeshSubset` and `MeshServiceSubset`" type: "object" type: "object" - required: - - "targetRef" type: "object" type: "object" served: true diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml index 07ccc33e4..081047627 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/proxytemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "proxytemplates.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml index 2114251d3..f5bfba45f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/ratelimits.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "ratelimits.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml index 2eb37c8cb..064fd9f17 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/retries.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "retries.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml index 03edf642f..fd42feba9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/serviceinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "serviceinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml index 302d61470..1cf8cbb36 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/timeouts.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "timeouts.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml index 3fcaa385f..ace8d79c9 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficlogs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "trafficlogs.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml index 16ec7ee56..93a8b5811 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficpermissions.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "trafficpermissions.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml index 53256251e..2e01b71f5 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/trafficroutes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "trafficroutes.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml index 44356bb52..1a7505652 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/traffictraces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "traffictraces.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml index 8673e42bd..8c914a48b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/virtualoutbounds.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "virtualoutbounds.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml index 052629886..fee9623f1 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zoneegresses.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml index 08edf9751..dcc4ba80d 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegressinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zoneegressinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml index 4e7b53052..e7e40f7ea 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zoneingresses.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml index 43bac91d2..e7fdead42 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingressinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zoneingressinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml index e31cc234d..9fa95175a 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneinsights.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zoneinsights.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml index 0f7cfd88b..4c79b0001 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zones.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.1" + controller-gen.kubebuilder.io/version: "v0.16.2" name: "zones.kuma.io" spec: group: "kuma.io" diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml index 12f847ab3..457bc9482 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml @@ -147,6 +147,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -529,6 +532,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml index d32e7782b..6e31a2119 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml @@ -164,6 +164,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -546,6 +549,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." @@ -870,6 +876,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -1252,6 +1261,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." @@ -1465,6 +1477,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -1847,6 +1862,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." @@ -2088,6 +2106,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -2470,6 +2491,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." @@ -2880,6 +2904,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -3584,6 +3611,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml index 4d3c50755..d06666c7c 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml @@ -208,6 +208,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -590,6 +593,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml index cefacba39..3f6993515 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml @@ -213,6 +213,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for command." + type: "string" required: - "entrypoint" type: "object" @@ -595,6 +598,9 @@ spec: timeout: description: "Timeout for the operation. Overrides the global timeout set in the Configuration." type: "string" + workDir: + description: "WorkDir is the working directory for script." + type: "string" type: "object" sleep: description: "Sleep defines zzzz." diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 8b6a76b8c..c98eb1f3d 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml @@ -83,6 +83,10 @@ spec: default: true description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" + emitWarning: + default: false + description: "EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit.\nEnabling this option will extend admission request processing times. The default value is \"false\"." + type: "boolean" failurePolicy: description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: @@ -123,6 +127,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -143,6 +158,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -245,10 +263,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -262,6 +286,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -406,6 +434,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -545,6 +577,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -806,6 +842,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -826,6 +873,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -928,6 +978,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -1076,6 +1128,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -1089,6 +1145,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1233,6 +1293,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1372,6 +1436,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1515,6 +1583,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1535,6 +1614,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1637,6 +1719,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -1757,6 +1841,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1777,6 +1872,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1879,6 +1977,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -1906,6 +2006,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -1913,6 +2018,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -2112,6 +2221,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -2132,6 +2252,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -2234,6 +2357,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -2496,12 +2621,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2794,12 +2923,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2883,6 +3016,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -3047,12 +3183,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -3137,6 +3277,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -3279,6 +3433,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3299,6 +3464,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3401,10 +3569,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -3418,6 +3592,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3562,6 +3740,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3701,6 +3883,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3962,6 +4148,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3982,6 +4179,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4084,6 +4284,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -4232,6 +4434,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -4245,6 +4451,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4389,6 +4599,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4528,6 +4742,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4671,6 +4889,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4691,6 +4920,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4793,6 +5025,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -4913,6 +5147,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4933,6 +5178,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5035,6 +5283,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -5062,6 +5312,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -5069,6 +5324,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -5268,6 +5527,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -5288,6 +5558,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5390,6 +5663,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -5652,12 +5927,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5950,12 +6229,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6039,6 +6322,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -6203,12 +6489,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6293,6 +6583,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -6384,8 +6688,6 @@ spec: - "generated" - "message" type: "object" - required: - - "ready" type: "object" required: - "spec" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index 0bb863bf3..25f5936bf 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml @@ -83,6 +83,10 @@ spec: default: true description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" + emitWarning: + default: false + description: "EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit.\nEnabling this option will extend admission request processing times. The default value is \"false\"." + type: "boolean" failurePolicy: description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: @@ -123,6 +127,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -143,6 +158,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -245,10 +263,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -262,6 +286,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -406,6 +434,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -545,6 +577,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -806,6 +842,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -826,6 +873,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -928,6 +978,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -1076,6 +1128,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -1089,6 +1145,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1233,6 +1293,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1372,6 +1436,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1515,6 +1583,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1535,6 +1614,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1637,6 +1719,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -1757,6 +1841,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1777,6 +1872,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1879,6 +1977,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -1906,6 +2006,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -1913,6 +2018,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -2112,6 +2221,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -2132,6 +2252,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -2234,6 +2357,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -2496,12 +2621,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2794,12 +2923,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2883,6 +3016,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -3047,12 +3183,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -3137,6 +3277,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -3279,6 +3433,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3299,6 +3464,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3401,10 +3569,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -3418,6 +3592,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3562,6 +3740,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3701,6 +3883,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3962,6 +4148,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3982,6 +4179,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4084,6 +4284,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -4232,6 +4434,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -4245,6 +4451,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4389,6 +4599,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4528,6 +4742,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4671,6 +4889,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4691,6 +4920,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4793,6 +5025,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -4913,6 +5147,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4933,6 +5178,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5035,6 +5283,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -5062,6 +5312,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -5069,6 +5324,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -5268,6 +5527,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -5288,6 +5558,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5390,6 +5663,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -5652,12 +5927,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5950,12 +6229,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6039,6 +6322,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -6203,12 +6489,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6293,6 +6583,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -6384,8 +6688,6 @@ spec: - "generated" - "message" type: "object" - required: - - "ready" type: "object" required: - "spec" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml index be172dd16..9324258b7 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml @@ -114,6 +114,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -134,6 +145,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -236,10 +250,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when cleanuppolicy should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -253,6 +273,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -397,6 +421,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -532,6 +560,10 @@ spec: type: "object" match: description: "MatchResources defines when cleanuppolicy should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -545,6 +577,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -689,6 +725,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml index 6d7ff45c7..d72f04d91 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml @@ -114,6 +114,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -134,6 +145,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -236,10 +250,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when cleanuppolicy should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -253,6 +273,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -397,6 +421,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -532,6 +560,10 @@ spec: type: "object" match: description: "MatchResources defines when cleanuppolicy should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -545,6 +577,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -689,6 +725,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml index fd30d4de3..6ed9068d5 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml @@ -126,6 +126,10 @@ spec: type: "array" match: description: "Match defines match clause used to check if a resource applies to the exception" + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -139,6 +143,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -283,6 +291,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml index cfeb00c51..c22ad7fe7 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/globalcontextentries.yaml @@ -45,6 +45,11 @@ spec: type: "object" spec: description: "Spec declares policy exception behaviors." + oneOf: + - required: + - "kubernetesResource" + - required: + - "apiCall" properties: apiCall: description: "Stores results from an API call which will be cached.\nMutually exclusive with KubernetesResource.\nThis can be used to make calls to external (non-Kubernetes API server) services.\nIt can also be used to make calls to the Kubernetes API server in such cases:\n1. A POST is needed to create a resource.\n2. Finer-grained control is needed. Example: To restrict the number of resources cached." @@ -171,8 +176,6 @@ spec: ready: description: "Deprecated in favor of Conditions" type: "boolean" - required: - - "ready" type: "object" required: - "spec" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml index ef76c0c09..50243f605 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/cleanuppolicies.yaml @@ -115,6 +115,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -135,6 +146,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -237,10 +251,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when cleanuppolicy should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -254,6 +274,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -398,6 +422,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -533,6 +561,10 @@ spec: type: "object" match: description: "MatchResources defines when cleanuppolicy should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -546,6 +578,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -690,6 +726,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml index 3e2c48f59..873fa3221 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clustercleanuppolicies.yaml @@ -115,6 +115,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -135,6 +146,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -237,10 +251,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when cleanuppolicy should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -254,6 +274,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -398,6 +422,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -533,6 +561,10 @@ spec: type: "object" match: description: "MatchResources defines when cleanuppolicy should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -546,6 +578,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -690,6 +726,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index 28cc5ad01..8b757bbe3 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml @@ -123,6 +123,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -143,6 +154,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -245,10 +259,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -262,6 +282,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -406,6 +430,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -669,6 +697,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -689,6 +728,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -791,6 +833,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -939,6 +983,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -952,6 +1000,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1096,6 +1148,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1241,6 +1297,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1261,6 +1328,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1363,6 +1433,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -1483,6 +1555,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1503,6 +1586,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1605,6 +1691,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -1972,6 +2060,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1992,6 +2091,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -2094,6 +2196,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -2356,12 +2460,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2644,12 +2752,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2733,6 +2845,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -2897,12 +3012,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2969,6 +3088,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule" type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -3111,6 +3244,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3131,6 +3275,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3233,10 +3380,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -3250,6 +3403,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3394,6 +3551,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3533,6 +3694,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3794,6 +3959,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3814,6 +3990,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3916,6 +4095,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -4064,6 +4245,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -4077,6 +4262,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4221,6 +4410,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4360,6 +4553,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4503,6 +4700,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4523,6 +4731,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4625,6 +4836,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -4745,6 +4958,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4765,6 +4989,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4867,6 +5094,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -4894,6 +5123,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -4901,6 +5135,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -5100,6 +5338,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -5120,6 +5369,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5222,6 +5474,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -5484,12 +5738,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5782,12 +6040,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5871,6 +6133,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -6035,12 +6300,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6125,6 +6394,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -6216,8 +6499,6 @@ spec: - "generated" - "message" type: "object" - required: - - "ready" type: "object" required: - "spec" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index 552705c71..aca3e02cd 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml @@ -123,6 +123,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -143,6 +154,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -245,10 +259,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -262,6 +282,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -406,6 +430,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -669,6 +697,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -689,6 +728,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -791,6 +833,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -939,6 +983,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -952,6 +1000,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1096,6 +1148,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -1241,6 +1297,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1261,6 +1328,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1363,6 +1433,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -1483,6 +1555,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1503,6 +1586,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -1605,6 +1691,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -1972,6 +2060,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -1992,6 +2091,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -2094,6 +2196,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -2356,12 +2460,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2644,12 +2752,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2733,6 +2845,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -2897,12 +3012,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -2969,6 +3088,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule" type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -3111,6 +3244,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3131,6 +3275,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3233,10 +3380,16 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" exclude: description: "ExcludeResources defines when this policy rule should not be applied. The exclude\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the name or role." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -3250,6 +3403,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3394,6 +3551,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3533,6 +3694,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -3794,6 +3959,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -3814,6 +3990,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -3916,6 +4095,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" data: @@ -4064,6 +4245,10 @@ spec: type: "object" match: description: "MatchResources defines when this policy rule should be applied. The match\ncriteria can include resource information (e.g. kind, name, namespace, labels)\nand admission review request information like the user name or role.\nAt least one kind is required." + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -4077,6 +4262,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4221,6 +4410,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4360,6 +4553,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified.\nRequires at least one tag to be specified when under MatchResources.\nSpecifying ResourceDescription directly under match is being deprecated.\nPlease specify under \"any\" or \"all\" instead." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -4503,6 +4700,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4523,6 +4731,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4625,6 +4836,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" foreach: @@ -4745,6 +4958,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -4765,6 +4989,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -4867,6 +5094,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" kind: @@ -4894,6 +5123,11 @@ spec: preconditions: description: "Preconditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements. A direct list\nof conditions (without `any` or `all` statements is supported for backwards compatibility but\nwill be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" x-kubernetes-preserve-unknown-fields: true + reportProperties: + additionalProperties: + type: "string" + description: "ReportProperties are the additional properties from the rule that will be added to the policy report result" + type: "object" skipBackgroundRequests: default: true description: "SkipBackgroundRequests bypasses admission requests that are sent by the background controller.\nThe default value is set to \"true\", it must be set to \"false\" to apply\ngenerate and mutateExisting rules to those requests." @@ -4901,6 +5135,10 @@ spec: validate: description: "Validation is used to validate matching resources." properties: + allowExistingViolations: + default: true + description: "AllowExistingViolations allows prexisting violating resources to continue violating a policy." + type: "boolean" anyPattern: description: "AnyPattern specifies list of validation patterns. At least one of the patterns\nmust be satisfied for the validation rule to succeed." x-kubernetes-preserve-unknown-fields: true @@ -5100,6 +5338,17 @@ spec: description: "Context defines variables and data sources that can be used during rule execution." items: description: "ContextEntry adds variables and data sources to a rule Context. Either a\nConfigMap reference or a APILookup must be provided." + oneOf: + - required: + - "configMap" + - required: + - "apiCall" + - required: + - "imageRegistry" + - required: + - "variable" + - required: + - "globalReference" properties: apiCall: description: "APICall is an HTTP request to the Kubernetes API server, or other JSON web service.\nThe data returned is stored in the context with the name for the context entry." @@ -5120,6 +5369,9 @@ spec: - "value" type: "object" type: "array" + default: + description: "Default is an optional arbitrary JSON object that the context may take if the apiCall\nreturns error" + x-kubernetes-preserve-unknown-fields: true jmesPath: description: "JMESPath is an optional JSON Match Expression that can be used to\ntransform the JSON response returned from the server. For example\na JMESPath of \"items | length(@)\" applied to the API server response\nfor the URLPath \"/apis/apps/v1/deployments\" will return the total count\nof deployments across all namespaces." type: "string" @@ -5222,6 +5474,8 @@ spec: description: "Value is any arbitrary JSON object representable in YAML or JSON form." x-kubernetes-preserve-unknown-fields: true type: "object" + required: + - "name" type: "object" type: "array" deny: @@ -5484,12 +5738,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5782,12 +6040,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -5871,6 +6133,9 @@ spec: type: "array" type: "object" type: "array" + name: + description: "Name is the variable name." + type: "string" predicateType: description: "Deprecated in favour of 'Type', to be removed soon" type: "string" @@ -6035,12 +6300,16 @@ spec: type: "object" signatureAlgorithm: default: "sha256" - description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + description: "Deprecated. Use attestor.signatureAlgorithm instead." type: "string" type: "object" repository: description: "Repository is an optional alternate OCI repository to use for signatures and attestations that match this rule.\nIf specified Repository will override other OCI image repository locations for this Attestor." type: "string" + signatureAlgorithm: + default: "sha256" + description: "Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512." + type: "string" type: "object" type: "array" type: "object" @@ -6125,6 +6394,20 @@ spec: default: true description: "UseCache enables caching of image verify responses for this rule." type: "boolean" + validate: + description: "Validation checks conditions across multiple image\nverification attestations or context entries" + properties: + deny: + description: "Deny defines conditions used to pass or fail a validation rule." + properties: + conditions: + description: "Multiple conditions can be declared under an `any` or `all` statement. A direct list\nof conditions (without `any` or `all` statements) is also supported for backwards compatibility\nbut will be deprecated in the next major release.\nSee: https://kyverno.io/docs/writing-policies/validate/#deny-rules" + x-kubernetes-preserve-unknown-fields: true + type: "object" + message: + description: "Message specifies a custom message to be displayed on failure." + type: "string" + type: "object" verifyDigest: default: true description: "VerifyDigest validates that images have a digest." @@ -6216,8 +6499,6 @@ spec: - "generated" - "message" type: "object" - required: - - "ready" type: "object" required: - "spec" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml index c2878f0ba..229fe3736 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml @@ -127,6 +127,10 @@ spec: type: "array" match: description: "Match defines match clause used to check if a resource applies to the exception" + not: + required: + - "any" + - "all" properties: all: description: "All allows specifying resources which will be ANDed" @@ -140,6 +144,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: @@ -284,6 +292,10 @@ spec: type: "array" resources: description: "ResourceDescription contains information about the resource being created or modified." + not: + required: + - "name" + - "names" properties: annotations: additionalProperties: diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml index 51e07ea89..2d7b9ff84 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml @@ -59,6 +59,14 @@ spec: properties: dataEngine: type: "string" + dataEngineSpec: + properties: + v2: + properties: + cpuMask: + type: "string" + type: "object" + type: "object" image: type: "string" nodeID: @@ -79,6 +87,14 @@ spec: type: "integer" currentState: type: "string" + dataEngineStatus: + properties: + v2: + properties: + cpuMask: + type: "string" + type: "object" + type: "object" instanceEngines: additionalProperties: properties: diff --git a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml index c05c87b2e..9fe3a8788 100644 --- a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml +++ b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml @@ -68,16 +68,16 @@ spec: type: "string" automatedCleaningMode: default: "metadata" - description: "When set to disabled, automated cleaning will be avoided during provisioning and deprovisioning." + description: "When set to disabled, automated cleaning will be skipped during provisioning and deprovisioning." enum: - "metadata" - "disabled" type: "string" bmc: - description: "How do we connect to the BMC?" + description: "How do we connect to the BMC (Baseboard Management Controller) on the host?" properties: address: - description: "Address holds the URL for accessing the controller on the network." + description: "Address holds the URL for accessing the controller on the network. The scheme part designates the driver to use with the host." type: "string" credentialsName: description: "The name of the secret containing the BMC credentials (requires keys \"username\" and \"password\")." @@ -90,18 +90,18 @@ spec: - "credentialsName" type: "object" bootMACAddress: - description: "Which MAC address will PXE boot? This is optional for some types, but required for libvirt VMs driven by vbmc." + description: "The MAC address of the NIC used for provisioning the host. In case of network boot, this is the MAC address of the PXE booting interface. The MAC address of the BMC must never be used here!" pattern: "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}" type: "string" bootMode: - description: "Select the method of initializing the hardware during boot. Defaults to UEFI." + description: "Select the method of initializing the hardware during boot. Defaults to UEFI. Legacy boot should only be used for hardware that does not support UEFI correctly. Set to UEFISecureBoot to turn secure boot on automatically after provisioning." enum: - "UEFI" - "UEFISecureBoot" - "legacy" type: "string" consumerRef: - description: "ConsumerRef can be used to store information about something that is using a host. When it is not empty, the host is considered \"in use\"." + description: "ConsumerRef can be used to store information about something that is using a host. When it is not empty, the host is considered \"in use\". The common use case is a link to a Machine resource when the host is used by Cluster API." properties: apiVersion: description: "API version of the referent." @@ -127,7 +127,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" customDeploy: - description: "A custom deploy procedure." + description: "A custom deploy procedure. This is an advanced feature that allows using a custom deploy step provided by a site-specific deployment ramdisk. Most users will want to use \"image\" instead. Settings this field triggers provisioning." properties: method: description: "Custom deploy method name. This name is specific to the deploy ramdisk used. If you don't have a custom deploy ramdisk, you shouldn't use CustomDeploy." @@ -136,28 +136,28 @@ spec: - "method" type: "object" description: - description: "Description is a human-entered text used to help identify the host" + description: "Description is a human-entered text used to help identify the host." type: "string" externallyProvisioned: - description: "ExternallyProvisioned means something else is managing the image running on the host and the operator should only manage the power status and hardware inventory inspection. If the Image field is filled in, this field is ignored." + description: "ExternallyProvisioned means something else has provisioned the image running on the host, and the operator should only manage the power status. This field is used for integration with already provisioned hosts and when pivoting hosts between clusters. If unsure, leave this field as false." type: "boolean" firmware: - description: "BIOS configuration for bare metal server" + description: "Firmware (BIOS) configuration for bare metal server. If set, the requested settings will be applied before the host is provisioned. Only some vendor drivers support this field. An alternative is to use HostFirmwareSettings resources that allow changing arbitrary values and support the generic Redfish-based drivers." properties: simultaneousMultithreadingEnabled: - description: "Allows a single physical processor core to appear as several logical processors. This supports following options: true, false." + description: "Allows a single physical processor core to appear as several logical processors." enum: - true - false type: "boolean" sriovEnabled: - description: "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance. This supports following options: true, false." + description: "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance." enum: - true - false type: "boolean" virtualizationEnabled: - description: "Supports the virtualization of platform hardware. This supports following options: true, false." + description: "Supports the virtualization of platform hardware." enum: - true - false @@ -167,10 +167,10 @@ spec: description: "What is the name of the hardware profile for this host? Hardware profiles are deprecated and should not be used. Use the separate fields Architecture and RootDeviceHints instead. Set to \"empty\" to prepare for the future version of the API without hardware profiles." type: "string" image: - description: "Image holds the details of the image to be provisioned." + description: "Image holds the details of the image to be provisioned. Populating the image will cause the host to start provisioning." properties: checksum: - description: "Checksum is the checksum for the image." + description: "Checksum is the checksum for the image. Required for all formats except for \"live-iso\"." type: "string" checksumType: description: "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. The special value \"auto\" can be used to detect the algorithm from the checksum. If missing, MD5 is used. If in doubt, use \"auto\"." @@ -181,7 +181,7 @@ spec: - "auto" type: "string" format: - description: "DiskFormat contains the format of the image (raw, qcow2, ...). Needs to be set to raw for raw images streaming. Note live-iso means an iso referenced by the url will be live-booted and not deployed to disk, and in this case the checksum options are not required and if specified will be ignored." + description: "Format contains the format of the image (raw, qcow2, ...). When set to \"live-iso\", an ISO 9660 image referenced by the url will be live-booted and not deployed to disk." enum: - "raw" - "qcow2" @@ -196,7 +196,7 @@ spec: - "url" type: "object" metaData: - description: "MetaData holds the reference to the Secret containing host metadata (e.g. meta_data.json) which is passed to the Config Drive." + description: "MetaData holds the reference to the Secret containing host metadata which is passed to the Config Drive. By default, the operater will generate metadata for the host, so most users do not need to set this field." properties: name: description: "name is unique within a namespace to reference a secret resource." @@ -207,7 +207,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" networkData: - description: "NetworkData holds the reference to the Secret containing network configuration (e.g content of network_data.json) which is passed to the Config Drive." + description: "NetworkData holds the reference to the Secret containing network configuration which is passed to the Config Drive and interpreted by the first boot software such as cloud-init." properties: name: description: "name is unique within a namespace to reference a secret resource." @@ -218,13 +218,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" online: - description: "Should the server be online?" + description: "Should the host be powered on? Changing this value will trigger a change in power state of the host." type: "boolean" preprovisioningNetworkDataName: - description: "PreprovisioningNetworkDataName is the name of the Secret in the local namespace containing network configuration (e.g content of network_data.json) which is passed to the preprovisioning image, and to the Config Drive if not overridden by specifying NetworkData." + description: "PreprovisioningNetworkDataName is the name of the Secret in the local namespace containing network configuration which is passed to the preprovisioning image, and to the Config Drive if not overridden by specifying NetworkData." type: "string" raid: - description: "RAID configuration for bare metal server" + description: "RAID configuration for bare metal server. If set, the RAID settings will be applied before the host is provisioned. If not, the current settings will not be modified. Only one of the sub-fields hardwareRAIDVolumes and softwareRAIDVolumes can be set at the same time." properties: hardwareRAIDVolumes: description: "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. You can set the value of this field to `[]` to clear all the hardware RAID configurations." @@ -232,10 +232,10 @@ spec: description: "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID." properties: controller: - description: "The name of the RAID controller to use" + description: "The name of the RAID controller to use." type: "string" level: - description: "RAID level for the logical disk. The following levels are supported: 0;1;2;5;6;1+0;5+0;6+0." + description: "RAID level for the logical disk. The following levels are supported: 0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them)." enum: - "0" - "1" @@ -247,7 +247,7 @@ spec: - "6+0" type: "string" name: - description: "Name of the volume. Should be unique within the Node. If not specified, volume name will be auto-generated." + description: "Name of the volume. Should be unique within the Node. If not specified, the name will be auto-generated." maxLength: 64 type: "string" numberOfPhysicalDisks: @@ -255,15 +255,15 @@ spec: minimum: 1.0 type: "integer" physicalDisks: - description: "Optional list of physical disk names to be used for the Hardware RAID volumes. The disk names are interpreted by the Hardware RAID controller, and the format is hardware specific." + description: "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted by the hardware RAID controller, and the format is hardware specific." items: type: "string" type: "array" rotational: - description: "Select disks with only rotational or solid-state storage" + description: "Select disks with only rotational (if set to true) or solid-state (if set to false) storage. By default, any disks can be picked." type: "boolean" sizeGibibytes: - description: "Size (Integer) of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." + description: "Size of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." minimum: 0.0 type: "integer" required: @@ -277,7 +277,7 @@ spec: description: "SoftwareRAIDVolume defines the desired configuration of volume in software RAID." properties: level: - description: "RAID level for the logical disk. The following levels are supported: 0;1;1+0." + description: "RAID level for the logical disk. The following levels are supported: 0, 1 and 1+0." enum: - "0" - "1" @@ -323,7 +323,7 @@ spec: minItems: 2 type: "array" sizeGibibytes: - description: "Size (Integer) of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." + description: "Size of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." minimum: 0.0 type: "integer" required: @@ -334,7 +334,7 @@ spec: type: "array" type: "object" rootDeviceHints: - description: "Provide guidance about how to choose the device for the image being provisioned." + description: "Provide guidance about how to choose the device for the image being provisioned. The default is currently to use /dev/sda as the root device." properties: deviceName: description: "A Linux device name like \"/dev/vda\", or a by-path link to it like \"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match the actual value exactly." @@ -392,7 +392,7 @@ spec: type: "object" type: "array" userData: - description: "UserData holds the reference to the Secret containing the user data to be passed to the host before it boots." + description: "UserData holds the reference to the Secret containing the user data which is passed to the Config Drive and interpreted by the first-boot software such as cloud-init. The format of user data is specific to the first-boot software." properties: name: description: "name is unique within a namespace to reference a secret resource." @@ -413,7 +413,7 @@ spec: description: "ErrorCount records how many times the host has encoutered an error since the last successful operation" type: "integer" errorMessage: - description: "the last error message reported by the provisioning subsystem" + description: "The last error message reported by the provisioning subsystem." type: "string" errorType: description: "ErrorType indicates the type of failure encountered when the OperationalStatus is OperationalStatusError" @@ -426,7 +426,7 @@ spec: - "power management error" type: "string" goodCredentials: - description: "the last credentials we were able to validate as working" + description: "The last credentials we were able to validate as working." properties: credentials: description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace" @@ -443,10 +443,10 @@ spec: type: "string" type: "object" hardware: - description: "The hardware discovered to exist on the host." + description: "The hardware discovered to exist on the host. This field will be removed in the next API version in favour of the separate HardwareData resource." properties: cpu: - description: "CPU describes one processor on the host." + description: "Details of the CPU(s) in the system." properties: arch: type: "string" @@ -464,7 +464,7 @@ spec: type: "string" type: "object" firmware: - description: "Firmware describes the firmware on the host." + description: "System firmware information." properties: bios: description: "The BIOS for this firmware" @@ -483,6 +483,7 @@ spec: hostname: type: "string" nics: + description: "List of network interfaces for the host." items: description: "NIC describes one network interface on the host." properties: @@ -529,8 +530,10 @@ spec: type: "object" type: "array" ramMebibytes: + description: "The host's amount of memory in Mebibytes." type: "integer" storage: + description: "List of storage (disk, SSD, etc.) available to the host." items: description: "Storage describes one storage device (disk, SSD, etc.) on the host." properties: @@ -580,7 +583,7 @@ spec: type: "object" type: "array" systemVendor: - description: "HardwareSystemVendor stores details about the whole hardware system." + description: "System vendor information." properties: manufacturer: type: "string" @@ -660,13 +663,13 @@ spec: - "detached" type: "string" poweredOn: - description: "indicator for whether or not the host is powered on" + description: "Whether or not the host is currently powered on. This field may get briefly out of sync with the actual state of the hardware while provisioning processes are running." type: "boolean" provisioning: description: "Information tracked by the provisioner." properties: ID: - description: "The machine's UUID from the underlying provisioning tool" + description: "The hosts's ID from the underlying provisioning tool (e.g. the Ironic node UUID)." type: "string" bootMode: description: "BootMode indicates the boot mode used to provision the node" @@ -685,22 +688,22 @@ spec: - "method" type: "object" firmware: - description: "The Bios set by the user" + description: "The firmware settings that have been applied." properties: simultaneousMultithreadingEnabled: - description: "Allows a single physical processor core to appear as several logical processors. This supports following options: true, false." + description: "Allows a single physical processor core to appear as several logical processors." enum: - true - false type: "boolean" sriovEnabled: - description: "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance. This supports following options: true, false." + description: "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance." enum: - true - false type: "boolean" virtualizationEnabled: - description: "Supports the virtualization of platform hardware. This supports following options: true, false." + description: "Supports the virtualization of platform hardware." enum: - true - false @@ -710,7 +713,7 @@ spec: description: "Image holds the details of the last image successfully provisioned to the host." properties: checksum: - description: "Checksum is the checksum for the image." + description: "Checksum is the checksum for the image. Required for all formats except for \"live-iso\"." type: "string" checksumType: description: "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. The special value \"auto\" can be used to detect the algorithm from the checksum. If missing, MD5 is used. If in doubt, use \"auto\"." @@ -721,7 +724,7 @@ spec: - "auto" type: "string" format: - description: "DiskFormat contains the format of the image (raw, qcow2, ...). Needs to be set to raw for raw images streaming. Note live-iso means an iso referenced by the url will be live-booted and not deployed to disk, and in this case the checksum options are not required and if specified will be ignored." + description: "Format contains the format of the image (raw, qcow2, ...). When set to \"live-iso\", an ISO 9660 image referenced by the url will be live-booted and not deployed to disk." enum: - "raw" - "qcow2" @@ -736,7 +739,7 @@ spec: - "url" type: "object" raid: - description: "The Raid set by the user" + description: "The RAID configuration that has been applied." properties: hardwareRAIDVolumes: description: "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. You can set the value of this field to `[]` to clear all the hardware RAID configurations." @@ -744,10 +747,10 @@ spec: description: "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID." properties: controller: - description: "The name of the RAID controller to use" + description: "The name of the RAID controller to use." type: "string" level: - description: "RAID level for the logical disk. The following levels are supported: 0;1;2;5;6;1+0;5+0;6+0." + description: "RAID level for the logical disk. The following levels are supported: 0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them)." enum: - "0" - "1" @@ -759,7 +762,7 @@ spec: - "6+0" type: "string" name: - description: "Name of the volume. Should be unique within the Node. If not specified, volume name will be auto-generated." + description: "Name of the volume. Should be unique within the Node. If not specified, the name will be auto-generated." maxLength: 64 type: "string" numberOfPhysicalDisks: @@ -767,15 +770,15 @@ spec: minimum: 1.0 type: "integer" physicalDisks: - description: "Optional list of physical disk names to be used for the Hardware RAID volumes. The disk names are interpreted by the Hardware RAID controller, and the format is hardware specific." + description: "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted by the hardware RAID controller, and the format is hardware specific." items: type: "string" type: "array" rotational: - description: "Select disks with only rotational or solid-state storage" + description: "Select disks with only rotational (if set to true) or solid-state (if set to false) storage. By default, any disks can be picked." type: "boolean" sizeGibibytes: - description: "Size (Integer) of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." + description: "Size of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." minimum: 0.0 type: "integer" required: @@ -789,7 +792,7 @@ spec: description: "SoftwareRAIDVolume defines the desired configuration of volume in software RAID." properties: level: - description: "RAID level for the logical disk. The following levels are supported: 0;1;1+0." + description: "RAID level for the logical disk. The following levels are supported: 0, 1 and 1+0." enum: - "0" - "1" @@ -835,7 +838,7 @@ spec: minItems: 2 type: "array" sizeGibibytes: - description: "Size (Integer) of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." + description: "Size of the logical disk to be created in GiB. If unspecified or set be 0, the maximum capacity of disk will be used for logical disk." minimum: 0.0 type: "integer" required: @@ -846,7 +849,7 @@ spec: type: "array" type: "object" rootDeviceHints: - description: "The RootDevicehints set by the user" + description: "The root device hints set by the user." properties: deviceName: description: "A Linux device name like \"/dev/vda\", or a by-path link to it like \"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match the actual value exactly." @@ -881,14 +884,14 @@ spec: type: "string" type: "object" state: - description: "An indiciator for what the provisioner is doing with the host." + description: "An indicator for what the provisioner is doing with the host." type: "string" required: - "ID" - "state" type: "object" triedCredentials: - description: "the last credentials we sent to the provisioning backend" + description: "The last credentials we sent to the provisioning backend." properties: credentials: description: "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace" diff --git a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/hardwaredata.yaml b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/hardwaredata.yaml index c26bbd6d5..44857e403 100644 --- a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/hardwaredata.yaml +++ b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/hardwaredata.yaml @@ -40,7 +40,7 @@ spec: description: "The hardware discovered on the host during its inspection." properties: cpu: - description: "CPU describes one processor on the host." + description: "Details of the CPU(s) in the system." properties: arch: type: "string" @@ -58,7 +58,7 @@ spec: type: "string" type: "object" firmware: - description: "Firmware describes the firmware on the host." + description: "System firmware information." properties: bios: description: "The BIOS for this firmware" @@ -77,6 +77,7 @@ spec: hostname: type: "string" nics: + description: "List of network interfaces for the host." items: description: "NIC describes one network interface on the host." properties: @@ -123,8 +124,10 @@ spec: type: "object" type: "array" ramMebibytes: + description: "The host's amount of memory in Mebibytes." type: "integer" storage: + description: "List of storage (disk, SSD, etc.) available to the host." items: description: "Storage describes one storage device (disk, SSD, etc.) on the host." properties: @@ -174,7 +177,7 @@ spec: type: "object" type: "array" systemVendor: - description: "HardwareSystemVendor stores details about the whole hardware system." + description: "System vendor information." properties: manufacturer: type: "string" diff --git a/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml b/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml index 16e7dea52..46f1b2806 100644 --- a/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml +++ b/crd-catalog/minio/operator/sts.min.io/v1alpha1/policybindings.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" - operator.min.io/version: "v5.0.15" + operator.min.io/version: "v6.0.3" name: "policybindings.sts.min.io" spec: group: "sts.min.io" diff --git a/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml b/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml index 14461d58f..91054b5f0 100644 --- a/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml +++ b/crd-catalog/minio/operator/sts.min.io/v1beta1/policybindings.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" - operator.min.io/version: "v5.0.15" + operator.min.io/version: "v6.0.3" name: "policybindings.sts.min.io" spec: group: "sts.min.io" diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml index 8362672ba..20a2bc074 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml @@ -77,13 +77,14 @@ spec: type: "string" type: "array" features: - description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
" + description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
\n- `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged." items: - description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency. [Unsupported (*)].
" + description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency [Unsupported (*)].
\n- `NetworkEvents`, to track Network events.
" enum: - "PacketDrop" - "DNSTracking" - "FlowRTT" + - "NetworkEvents" type: "string" type: "array" flowFilter: diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index e6d2b4846..7a03ae2f9 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -666,13 +666,14 @@ spec: type: "string" type: "array" features: - description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
" + description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
\n- `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged." items: - description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency.
" + description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency.
\n- `NetworkEvents`, to track Network events.
" enum: - "PacketDrop" - "DNSTracking" - "FlowRTT" + - "NetworkEvents" type: "string" type: "array" flowFilter: diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml index 4a1533e8b..897cce45b 100644 --- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml +++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/globalconfigurations.yaml @@ -35,6 +35,10 @@ spec: items: description: "Listener defines a listener." properties: + ipv4: + type: "string" + ipv6: + type: "string" name: type: "string" port: diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml index 2c01e97b5..0881631c7 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconapgbackups.pgv2.percona.com" spec: group: "pgv2.percona.com" @@ -258,7 +258,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml index e2a46cd7a..55e910672 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconapgclusters.pgv2.percona.com" spec: group: "pgv2.percona.com" @@ -55,10 +55,10 @@ spec: configuration: description: "Projected volumes containing custom pgBackRest configuration. These files are mounted\nunder \"/etc/pgbackrest/conf.d\" alongside any pgBackRest configuration generated by the\nPostgreSQL Operator:\nhttps://pgbackrest.org/configuration.html" items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -134,7 +134,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -221,7 +221,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -256,13 +256,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -297,13 +300,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -523,13 +529,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -628,13 +634,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -732,13 +738,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -837,13 +843,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -904,13 +910,16 @@ spec: description: "Resource limits for backup jobs. Includes manual, scheduled and replica\ncreate backups" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -953,7 +962,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -993,18 +1002,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -1278,13 +1290,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1383,13 +1395,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1487,13 +1499,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1592,13 +1604,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1659,13 +1671,16 @@ spec: description: "Resource requirements for a pgBackRest repository host" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1708,7 +1723,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -1748,18 +1763,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -1820,7 +1838,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -1853,7 +1871,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -1922,7 +1940,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -1932,14 +1950,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -2121,7 +2139,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -2324,13 +2342,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2429,13 +2447,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2533,13 +2551,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2638,13 +2656,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2724,13 +2742,16 @@ spec: description: "Resource requirements for the pgBackRest restore Job." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2794,13 +2815,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2835,13 +2859,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2873,6 +2900,9 @@ spec: required: - "repos" type: "object" + trackLatestRestorableTime: + description: "Enable tracking latest restorable time" + type: "boolean" required: - "pgbackrest" type: "object" @@ -3065,13 +3095,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3170,13 +3200,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3274,13 +3304,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3379,13 +3409,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3442,10 +3472,10 @@ spec: configuration: description: "Projected volumes containing custom pgBackRest configuration. These files are mounted\nunder \"/etc/pgbackrest/conf.d\" alongside any pgBackRest configuration generated by the\nPostgreSQL Operator:\nhttps://pgbackrest.org/configuration.html" items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -3521,7 +3551,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3608,7 +3638,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -3811,7 +3841,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3830,13 +3860,16 @@ spec: description: "Resource requirements for the pgBackRest restore Job." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4077,13 +4110,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4182,13 +4215,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4286,13 +4319,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4391,13 +4424,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4473,13 +4506,16 @@ spec: description: "Resource requirements for the pgBackRest restore Job." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4778,7 +4814,7 @@ spec: region: type: "string" secret: - description: "Adapts a secret into a projected volume.\n\n\nThe contents of the target Secret's Data field will be presented in a\nprojected volume as files using the keys in the Data field as the file names.\nNote that this is identical to a secret volume source without the default\nmode." + description: "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a\nprojected volume as files using the keys in the Data field as the file names.\nNote that this is identical to a secret volume source without the default\nmode." properties: items: description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." @@ -4803,7 +4839,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4837,7 +4873,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -5026,13 +5062,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5131,13 +5167,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5235,13 +5271,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5340,13 +5376,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5410,13 +5446,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -5549,7 +5588,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -5597,7 +5636,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5647,7 +5686,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5674,7 +5713,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -5689,7 +5728,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -5888,7 +5927,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6026,7 +6066,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6126,13 +6167,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6202,7 +6246,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -6241,7 +6285,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -6288,7 +6332,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6419,7 +6464,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -6478,13 +6523,16 @@ spec: description: "Compute resources of a PostgreSQL container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6527,7 +6575,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -6567,18 +6615,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -6652,7 +6703,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6702,7 +6753,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6729,7 +6780,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -6744,7 +6795,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -6943,7 +6994,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7081,7 +7133,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7181,13 +7234,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -7257,7 +7313,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -7296,7 +7352,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -7343,7 +7399,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -7474,7 +7531,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -7605,7 +7662,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -7689,7 +7746,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -7699,14 +7756,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -7738,7 +7795,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -7855,7 +7912,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -7977,7 +8034,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -8016,7 +8073,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -8053,13 +8110,16 @@ spec: description: "Compute resources of a PMM container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -8095,6 +8155,8 @@ spec: required: - "enabled" - "image" + - "secret" + - "serverHost" type: "object" port: default: 5432 @@ -8293,13 +8355,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -8398,13 +8460,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -8502,13 +8564,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -8607,13 +8669,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -8678,10 +8740,10 @@ spec: files: description: "Files to mount under \"/etc/pgbouncer\". When specified, settings in the\n\"pgbouncer.ini\" file are loaded before all others. From there, other\nfiles may be included by absolute path. Changing these references causes\nPgBouncer to restart, but changes to the file contents are automatically\nreloaded.\nMore info: https://www.pgbouncer.org/config.html#include-directive" items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -8757,7 +8819,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -8844,7 +8906,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -8890,13 +8952,16 @@ spec: description: "Resource requirements for a sidecar container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -8951,7 +9016,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -9030,13 +9095,16 @@ spec: description: "Compute resources of a PgBouncer container. Changing this value causes\nPgBouncer to restart.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -9079,7 +9147,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -9119,18 +9187,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -9204,7 +9275,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -9254,7 +9325,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -9281,7 +9352,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -9296,7 +9367,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -9495,7 +9566,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -9633,7 +9705,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -9733,13 +9806,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -9809,7 +9885,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -9848,7 +9924,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -9895,7 +9971,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -10026,7 +10103,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -10111,7 +10188,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -10121,14 +10198,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -10174,7 +10251,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -10207,7 +10284,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -10304,6 +10381,9 @@ spec: size: format: "int32" type: "integer" + required: + - "ready" + - "size" type: "object" postgres: properties: @@ -10320,6 +10400,8 @@ spec: type: "integer" required: - "name" + - "ready" + - "size" type: "object" type: "array" ready: @@ -10328,6 +10410,10 @@ spec: size: format: "int32" type: "integer" + required: + - "instances" + - "ready" + - "size" type: "object" state: type: "string" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml index 7fa22f544..c10124b34 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgrestores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconapgrestores.pgv2.percona.com" spec: group: "pgv2.percona.com" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml index c395a2676..7d426d093 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgupgrades.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.1" name: "perconapgupgrades.pgv2.percona.com" spec: group: "pgv2.percona.com" @@ -208,13 +208,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -313,13 +313,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -417,13 +417,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -522,13 +522,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -604,7 +604,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -648,7 +648,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -698,7 +698,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -725,7 +725,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -740,7 +740,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -939,7 +939,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1077,7 +1078,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1177,13 +1179,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1253,7 +1258,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1292,7 +1297,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1339,7 +1344,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1470,7 +1476,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1516,13 +1522,16 @@ spec: description: "Resource requirements for the PGUpgrade container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1604,7 +1613,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1631,7 +1640,7 @@ spec: conditions: description: "conditions represent the observations of PGUpgrade's current state." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -1660,7 +1669,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index 805110827..fa203bb49 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -33,16 +33,134 @@ spec: spec: description: "ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration." properties: - NomadSDConfigs: - description: "NomadSDConfigs defines a list of Nomad service discovery configurations." + authorization: + description: "Authorization header to use on every scrape request." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" + type: "string" + type: "object" + azureSDConfigs: + description: "AzureSDConfigs defines a list of Azure service discovery configurations." items: - description: "NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config" + description: "AzureSDConfig allow retrieving scrape targets from Azure VMs.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config" + properties: + authenticationMethod: + description: "# The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.\nSee https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\nSDK authentication method uses environment variables by default.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication" + enum: + - "OAuth" + - "ManagedIdentity" + - "SDK" + type: "string" + clientID: + description: "Optional client ID. Only required with the OAuth authentication method." + type: "string" + clientSecret: + description: "Optional client secret. Only required with the OAuth authentication method." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + environment: + description: "The Azure environment." + type: "string" + port: + description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." + type: "integer" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + resourceGroup: + description: "Optional resource group name. Limits discovery to this resource group." + type: "string" + subscriptionID: + description: "The subscription ID. Always required." + minLength: 1 + type: "string" + tenantID: + description: "Optional tenant ID. Only required with the OAuth authentication method." + type: "string" + required: + - "subscriptionID" + type: "object" + type: "array" + basicAuth: + description: "BasicAuth information to use on every scrape request." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + consulSDConfigs: + description: "ConsulSDConfigs defines a list of Consul service discovery configurations." + items: + description: "ConsulSDConfig defines a Consul service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config" properties: allowStale: - description: "The information to access the Nomad API. It is to be defined\nas the Nomad documentation requires." + description: "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value." type: "boolean" authorization: - description: "Authorization header to use on every scrape request." + description: "Authorization header configuration to authenticate against the Consul Server." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -66,7 +184,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -103,19 +221,29 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + datacenter: + description: "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter." + type: "string" enableHTTP2: - description: "Whether to enable HTTP2." + description: "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value." type: "boolean" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects." + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value." type: "boolean" namespace: + description: "Namespaces are only supported in Consul Enterprise." type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" + nodeMeta: + additionalProperties: + type: "string" + description: "Node metadata key/value pairs to filter nodes for a given service." + type: "object" + x-kubernetes-map-type: "atomic" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." + description: "Optional OAuth 2.0 configuration." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -343,6 +471,9 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + partition: + description: "Admin Partitions are only supported in Consul Enterprise." + type: "string" proxyConnectHeader: additionalProperties: items: @@ -374,18 +505,36 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`" + description: "The time after which the provided names are refreshed.\nOn large setup it might be a good idea to increase this value because the catalog will change all the time.\nIf unset, Prometheus uses its default value." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - region: + scheme: + description: "HTTP Scheme default \"http\"" + enum: + - "HTTP" + - "HTTPS" type: "string" server: + description: "A valid string consisting of a hostname or IP followed by an optional port number." minLength: 1 type: "string" + services: + description: "A list of services for which targets are retrieved. If omitted, all services are scraped." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" tagSeparator: + description: "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value." type: "string" + tags: + description: "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS Config" properties: ca: description: "Certificate authority used when verifying server certificates." @@ -503,51 +652,8 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - required: - - "server" - type: "object" - type: "array" - authorization: - description: "Authorization header to use on every scrape request." - properties: - credentials: - description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" - type: "string" - type: "object" - azureSDConfigs: - description: "AzureSDConfigs defines a list of Azure service discovery configurations." - items: - description: "AzureSDConfig allow retrieving scrape targets from Azure VMs.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config" - properties: - authenticationMethod: - description: "# The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.\nSee https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\nSDK authentication method uses environment variables by default.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication" - enum: - - "OAuth" - - "ManagedIdentity" - - "SDK" - type: "string" - clientID: - description: "Optional client ID. Only required with the OAuth authentication method." - type: "string" - clientSecret: - description: "Optional client secret. Only required with the OAuth authentication method." + tokenRef: + description: "Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -563,78 +669,17 @@ spec: - "key" type: "object" x-kubernetes-map-type: "atomic" - environment: - description: "The Azure environment." - type: "string" - port: - description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." - type: "integer" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - resourceGroup: - description: "Optional resource group name. Limits discovery to this resource group." - type: "string" - subscriptionID: - description: "The subscription ID. Always required." - minLength: 1 - type: "string" - tenantID: - description: "Optional tenant ID. Only required with the OAuth authentication method." - type: "string" required: - - "subscriptionID" + - "server" type: "object" type: "array" - basicAuth: - description: "BasicAuth information to use on every scrape request." - properties: - password: - description: "`password` specifies a key of a Secret containing the password for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - username: - description: "`username` specifies a key of a Secret containing the username for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - consulSDConfigs: - description: "ConsulSDConfigs defines a list of Consul service discovery configurations." + digitalOceanSDConfigs: + description: "DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations." items: - description: "ConsulSDConfig defines a Consul service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config" + description: "DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.\nThis service discovery uses the public IPv4 address by default, by that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config" properties: - allowStale: - description: "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value." - type: "boolean" authorization: - description: "Authorization header configuration to authenticate against the Consul Server." + description: "Authorization header configuration to authenticate against the DigitalOcean API.\nCannot be set at the same time as `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -657,67 +702,17 @@ spec: description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" - basicAuth: - description: "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" - properties: - password: - description: "`password` specifies a key of a Secret containing the password for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - username: - description: "`username` specifies a key of a Secret containing the username for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - datacenter: - description: "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter." - type: "string" enableHTTP2: - description: "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value." + description: "Whether to enable HTTP2." type: "boolean" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value." + description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" - namespace: - description: "Namespaces are only supported in Consul Enterprise." - type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" - nodeMeta: - additionalProperties: - type: "string" - description: "Node metadata key/value pairs to filter nodes for a given service." - type: "object" - x-kubernetes-map-type: "atomic" oauth2: - description: "Optional OAuth 2.0 configuration." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -945,9 +940,9 @@ spec: - "clientSecret" - "tokenUrl" type: "object" - partition: - description: "Admin Partitions are only supported in Consul Enterprise." - type: "string" + port: + description: "The port to scrape metrics from." + type: "integer" proxyConnectHeader: additionalProperties: items: @@ -979,36 +974,11 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "The time after which the provided names are refreshed.\nOn large setup it might be a good idea to increase this value because the catalog will change all the time.\nIf unset, Prometheus uses its default value." + description: "Refresh interval to re-read the instance list." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - scheme: - description: "HTTP Scheme default \"http\"" - enum: - - "HTTP" - - "HTTPS" - type: "string" - server: - description: "A valid string consisting of a hostname or IP followed by an optional port number." - minLength: 1 - type: "string" - services: - description: "A list of services for which targets are retrieved. If omitted, all services are scraped." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - tagSeparator: - description: "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value." - type: "string" - tags: - description: "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" tlsConfig: - description: "TLS Config" + description: "TLS configuration applying to the target HTTP endpoint." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -1126,34 +1096,49 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - tokenRef: - description: "Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" + type: "object" + type: "array" + dnsSDConfigs: + description: "DNSSDConfigs defines a list of DNS service discovery configurations." + items: + description: "DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.\nThe DNS servers to be contacted are read from /etc/resolv.conf.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config" + properties: + names: + description: "A list of DNS domain names to be queried." + items: + type: "string" + minItems: 1 + type: "array" + port: + description: "The port number used if the query type is not SRV\nIgnored for SRV records" + format: "int32" + maximum: 65535.0 + minimum: 0.0 + type: "integer" + refreshInterval: + description: "RefreshInterval configures the time after which the provided names are refreshed.\nIf not set, Prometheus uses its default value." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + type: + description: "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\nWhen set to NS, it requires Prometheus >= v2.49.0.\nWhen set to MX, it requires Prometheus >= v2.38.0" + enum: + - "A" + - "AAAA" + - "MX" + - "NS" + - "SRV" + type: "string" required: - - "server" + - "names" type: "object" type: "array" - digitalOceanSDConfigs: - description: "DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations." + dockerSDConfigs: + description: "DockerSDConfigs defines a list of Docker service discovery configurations." items: - description: "DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.\nThis service discovery uses the public IPv4 address by default, by that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config" + description: "Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.\nThis SD discovers \"containers\" and will create a target for each network IP and\nport the container is configured to expose.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config" properties: authorization: - description: "Authorization header configuration to authenticate against the DigitalOcean API.\nCannot be set at the same time as `oauth2`." + description: "Authorization header configuration to authenticate against the Docker API.\nCannot be set at the same time as `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -1176,12 +1161,82 @@ spec: description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" + basicAuth: + description: "BasicAuth information to use on every scrape request." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" + filters: + description: "Optional filters to limit the discovery process to a subset of the available resources." + items: + description: "Filter name and value pairs to limit the discovery process to a subset of available resources." + properties: + name: + description: "Name of the Filter." + type: "string" + values: + description: "Value to filter on." + items: + type: "string" + minItems: 1 + type: "array" + required: + - "name" + - "values" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" + host: + description: "Address of the docker daemon" + minLength: 1 + type: "string" + hostNetworkingHost: + description: "The host to use if the container is in host networking mode." + type: "string" + matchFirstNetwork: + description: "Configure whether to match the first network if the container has multiple networks defined.\nIf unset, Prometheus uses true by default.\nIt requires Prometheus >= v2.54.1." + type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" @@ -1448,7 +1503,7 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Refresh interval to re-read the instance list." + description: "Time after which the container is refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" tlsConfig: @@ -1570,49 +1625,17 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - type: "object" - type: "array" - dnsSDConfigs: - description: "DNSSDConfigs defines a list of DNS service discovery configurations." - items: - description: "DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.\nThe DNS servers to be contacted are read from /etc/resolv.conf.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config" - properties: - names: - description: "A list of DNS domain names to be queried." - items: - type: "string" - minItems: 1 - type: "array" - port: - description: "The port number used if the query type is not SRV\nIgnored for SRV records" - format: "int32" - maximum: 65535.0 - minimum: 0.0 - type: "integer" - refreshInterval: - description: "RefreshInterval configures the time after which the provided names are refreshed.\nIf not set, Prometheus uses its default value." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - type: - description: "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\nWhen set to NS, it requires Prometheus >= v2.49.0.\nWhen set to MX, it requires Prometheus >= v2.38.0" - enum: - - "A" - - "AAAA" - - "MX" - - "NS" - - "SRV" - type: "string" required: - - "names" + - "host" type: "object" type: "array" - dockerSDConfigs: - description: "DockerSDConfigs defines a list of Docker service discovery configurations." + dockerSwarmSDConfigs: + description: "DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations." items: - description: "Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.\nThis SD discovers \"containers\" and will create a target for each network IP and\nport the container is configured to expose.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config" + description: "DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config" properties: authorization: - description: "Authorization header configuration to authenticate against the Docker API.\nCannot be set at the same time as `oauth2`." + description: "Authorization header configuration to authenticate against the target HTTP endpoint." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -1636,7 +1659,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "Optional HTTP basic authentication information." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -1677,7 +1700,7 @@ spec: description: "Whether to enable HTTP2." type: "boolean" filters: - description: "Optional filters to limit the discovery process to a subset of the available resources." + description: "Optional filters to limit the discovery process to a subset of available\nresources.\nThe available filters are listed in the upstream documentation:\nServices: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList\nTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList\nNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList" items: description: "Filter name and value pairs to limit the discovery process to a subset of available resources." properties: @@ -1702,20 +1725,14 @@ spec: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" host: - description: "Address of the docker daemon" - minLength: 1 - type: "string" - hostNetworkingHost: - description: "The host to use if the container is in host networking mode." + description: "Address of the Docker daemon" + pattern: "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$" type: "string" - matchFirstNetwork: - description: "Configure whether to match the first network if the container has multiple networks defined.\nIf unset, Prometheus uses true by default.\nIt requires Prometheus >= v2.54.0." - type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -1944,7 +1961,10 @@ spec: - "tokenUrl" type: "object" port: - description: "The port to scrape metrics from." + description: "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports." + format: "int32" + maximum: 65535.0 + minimum: 0.0 type: "integer" proxyConnectHeader: additionalProperties: @@ -1977,11 +1997,18 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Time after which the container is refreshed." + description: "The time after which the service discovery data is refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" + role: + description: "Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`." + enum: + - "Services" + - "Tasks" + - "Nodes" + type: "string" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to use on every scrape request" properties: ca: description: "Certificate authority used when verifying server certificates." @@ -2101,80 +2128,36 @@ spec: type: "object" required: - "host" + - "role" type: "object" type: "array" - dockerSwarmSDConfigs: - description: "DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations." + ec2SDConfigs: + description: "EC2SDConfigs defines a list of EC2 service discovery configurations." items: - description: "DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config" + description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config\n\nThe EC2 service discovery requires AWS API keys or role ARN for authentication.\nBasicAuth, Authorization and OAuth2 fields are not present on purpose." properties: - authorization: - description: "Authorization header configuration to authenticate against the target HTTP endpoint." + accessKey: + description: "AccessKey is the AWS API key." properties: - credentials: - description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" + key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" type: "object" - basicAuth: - description: "Optional HTTP basic authentication information." - properties: - password: - description: "`password` specifies a key of a Secret containing the password for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - username: - description: "`username` specifies a key of a Secret containing the username for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" + x-kubernetes-map-type: "atomic" enableHTTP2: - description: "Whether to enable HTTP2." + description: "Whether to enable HTTP2.\nIt requires Prometheus >= v2.41.0" type: "boolean" filters: - description: "Optional filters to limit the discovery process to a subset of available\nresources.\nThe available filters are listed in the upstream documentation:\nServices: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList\nTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList\nNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList" + description: "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html\nIt requires Prometheus >= v2.3.0" items: description: "Filter name and value pairs to limit the discovery process to a subset of available resources." properties: @@ -2196,20 +2179,81 @@ spec: - "name" x-kubernetes-list-type: "map" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects." + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIt requires Prometheus >= v2.41.0" type: "boolean" - host: - description: "Address of the Docker daemon" - pattern: "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$" - type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" - oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." + port: + description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." + format: "int32" + maximum: 65535.0 + minimum: 0.0 + type: "integer" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use." + pattern: "^http(s)?://.+$" + type: "string" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + region: + description: "The AWS region." + minLength: 1 + type: "string" + roleARN: + description: "AWS Role ARN, an alternative to using AWS API keys." + minLength: 1 + type: "string" + secretKey: + description: "SecretKey is the AWS API secret." properties: - clientId: - description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + tlsConfig: + description: "TLS configuration to connect to the AWS EC2 API.\nIt requires Prometheus >= v2.41.0" + properties: + ca: + description: "Certificate authority used when verifying server certificates." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -2246,26 +2290,226 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - clientSecret: - description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + cert: + description: "Client certificate to present when doing client-authentication." properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - endpointParams: - additionalProperties: - type: "string" + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + maxVersion: + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + minVersion: + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + type: "object" + type: "array" + enableCompression: + description: "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default." + type: "boolean" + eurekaSDConfigs: + description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." + items: + description: "Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.\nPrometheus will periodically check the REST endpoint and create a target for every app instance.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config" + properties: + authorization: + description: "Authorization header to use on every scrape request." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" + type: "string" + type: "object" + basicAuth: + description: "BasicAuth information to use on every scrape request." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects." + type: "boolean" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." + type: "string" + oauth2: + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." + properties: + clientId: + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + clientSecret: + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + endpointParams: + additionalProperties: + type: "string" description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" noProxy: @@ -2434,12 +2678,6 @@ spec: - "clientSecret" - "tokenUrl" type: "object" - port: - description: "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports." - format: "int32" - maximum: 65535.0 - minimum: 0.0 - type: "integer" proxyConnectHeader: additionalProperties: items: @@ -2471,18 +2709,15 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "The time after which the service discovery data is refreshed." + description: "Refresh interval to re-read the instance list." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - role: - description: "Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`." - enum: - - "Services" - - "Tasks" - - "Nodes" + server: + description: "The URL to connect to the Eureka server." + minLength: 1 type: "string" tlsConfig: - description: "TLS configuration to use on every scrape request" + description: "TLS configuration applying to the target HTTP endpoint." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -2601,259 +2836,69 @@ spec: type: "string" type: "object" required: - - "host" - - "role" + - "server" type: "object" type: "array" - ec2SDConfigs: - description: "EC2SDConfigs defines a list of EC2 service discovery configurations." + fileSDConfigs: + description: "FileSDConfigs defines a list of file service discovery configurations." items: - description: "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config\n\nThe EC2 service discovery requires AWS API keys or role ARN for authentication.\nBasicAuth, Authorization and OAuth2 fields are not present on purpose." + description: "FileSDConfig defines a Prometheus file service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config" properties: - accessKey: - description: "AccessKey is the AWS API key." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - enableHTTP2: - description: "Whether to enable HTTP2.\nIt requires Prometheus >= v2.41.0" - type: "boolean" - filters: - description: "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html\nIt requires Prometheus >= v2.3.0" + files: + description: "List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the\nprometheus-operator project makes no guarantees about the working directory where the configuration file is\nstored.\nFiles must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets." items: - description: "Filter name and value pairs to limit the discovery process to a subset of available resources." - properties: - name: - description: "Name of the Filter." - type: "string" - values: - description: "Value to filter on." - items: - type: "string" - minItems: 1 - type: "array" - required: - - "name" - - "values" - type: "object" + description: "SDFile represents a file used for service discovery" + pattern: "^[^*]*(\\*[^/]*)?\\.(json|yml|yaml|JSON|YML|YAML)$" + type: "string" + minItems: 1 type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIt requires Prometheus >= v2.41.0" - type: "boolean" - noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." + x-kubernetes-list-type: "set" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + required: + - "files" + type: "object" + type: "array" + gceSDConfigs: + description: "GCESDConfigs defines a list of GCE service discovery configurations." + items: + description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." + properties: + filter: + description: "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list" type: "string" port: description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." - format: "int32" - maximum: 65535.0 - minimum: 0.0 type: "integer" - proxyConnectHeader: - additionalProperties: - items: - description: "SecretKeySelector selects a key of a Secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." - type: "object" - x-kubernetes-map-type: "atomic" - proxyFromEnvironment: - description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." - type: "boolean" - proxyUrl: - description: "`proxyURL` defines the HTTP proxy server to use." - pattern: "^http(s)?://.+$" + project: + description: "The Google Cloud Project ID" + minLength: 1 type: "string" refreshInterval: description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - region: - description: "The AWS region." - minLength: 1 - type: "string" - roleARN: - description: "AWS Role ARN, an alternative to using AWS API keys." - minLength: 1 - type: "string" - secretKey: - description: "SecretKey is the AWS API secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - tlsConfig: - description: "TLS configuration to connect to the AWS EC2 API.\nIt requires Prometheus >= v2.41.0" - properties: - ca: - description: "Certificate authority used when verifying server certificates." - properties: - configMap: - description: "ConfigMap containing data to use for the targets." - properties: - key: - description: "The key to select." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - secret: - description: "Secret containing data to use for the targets." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - cert: - description: "Client certificate to present when doing client-authentication." - properties: - configMap: - description: "ConfigMap containing data to use for the targets." - properties: - key: - description: "The key to select." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - secret: - description: "Secret containing data to use for the targets." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - insecureSkipVerify: - description: "Disable target certificate validation." - type: "boolean" - keySecret: - description: "Secret containing the client key file for the targets." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - maxVersion: - description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." - enum: - - "TLS10" - - "TLS11" - - "TLS12" - - "TLS13" - type: "string" - minVersion: - description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." - enum: - - "TLS10" - - "TLS11" - - "TLS12" - - "TLS13" - type: "string" - serverName: - description: "Used to verify the hostname for the targets." - type: "string" - type: "object" + tagSeparator: + description: "The tag separator is used to separate the tags on concatenation" + type: "string" + zone: + description: "The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs." + minLength: 1 + type: "string" + required: + - "project" + - "zone" type: "object" type: "array" - enableCompression: - description: "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default." - type: "boolean" - eurekaSDConfigs: - description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." + hetznerSDConfigs: + description: "HetznerSDConfigs defines a list of Hetzner service discovery configurations." items: - description: "Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.\nPrometheus will periodically check the REST endpoint and create a target for every app instance.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config" + description: "HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.\nThis service discovery uses the public IPv4 address by default, but that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config" properties: authorization: - description: "Authorization header to use on every scrape request." + description: "Authorization header configuration, required when role is hcloud.\nRole robot does not support bearer token authentication." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -2877,7 +2922,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "BasicAuth information to use on every scrape request, required when role is robot.\nRole hcloud does not support basic auth." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -2924,7 +2969,7 @@ spec: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." + description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `basic_auth` or `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -3152,6 +3197,9 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + port: + description: "The port to scrape metrics from." + type: "integer" proxyConnectHeader: additionalProperties: items: @@ -3183,15 +3231,19 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Refresh interval to re-read the instance list." + description: "The time after which the servers are refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - server: - description: "The URL to connect to the Eureka server." - minLength: 1 + role: + description: "The Hetzner role of entities that should be discovered." + enum: + - "hcloud" + - "Hcloud" + - "robot" + - "Robot" type: "string" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to use on every scrape request." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -3310,69 +3362,22 @@ spec: type: "string" type: "object" required: - - "server" - type: "object" - type: "array" - fileSDConfigs: - description: "FileSDConfigs defines a list of file service discovery configurations." - items: - description: "FileSDConfig defines a Prometheus file service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config" - properties: - files: - description: "List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the\nprometheus-operator project makes no guarantees about the working directory where the configuration file is\nstored.\nFiles must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets." - items: - description: "SDFile represents a file used for service discovery" - pattern: "^[^*]*(\\*[^/]*)?\\.(json|yml|yaml|JSON|YML|YAML)$" - type: "string" - minItems: 1 - type: "array" - x-kubernetes-list-type: "set" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - required: - - "files" - type: "object" - type: "array" - gceSDConfigs: - description: "GCESDConfigs defines a list of GCE service discovery configurations." - items: - description: "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//." - properties: - filter: - description: "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list" - type: "string" - port: - description: "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule." - type: "integer" - project: - description: "The Google Cloud Project ID" - minLength: 1 - type: "string" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" - type: "string" - tagSeparator: - description: "The tag separator is used to separate the tags on concatenation" - type: "string" - zone: - description: "The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs." - minLength: 1 - type: "string" - required: - - "project" - - "zone" + - "role" type: "object" type: "array" - hetznerSDConfigs: - description: "HetznerSDConfigs defines a list of Hetzner service discovery configurations." + honorLabels: + description: "HonorLabels chooses the metric's labels on collisions with target labels." + type: "boolean" + honorTimestamps: + description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." + type: "boolean" + httpSDConfigs: + description: "HTTPSDConfigs defines a list of HTTP service discovery configurations." items: - description: "HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.\nThis service discovery uses the public IPv4 address by default, but that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config" + description: "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config" properties: authorization: - description: "Authorization header configuration, required when role is hcloud.\nRole robot does not support bearer token authentication." + description: "Authorization header configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `oAuth2`, or `basicAuth`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -3396,7 +3401,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request, required when role is robot.\nRole hcloud does not support basic auth." + description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oAuth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -3443,7 +3448,7 @@ spec: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `basic_auth` or `authorization`." + description: "Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -3622,11 +3627,152 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - insecureSkipVerify: - description: "Disable target certificate validation." - type: "boolean" - keySecret: - description: "Secret containing the client key file for the targets." + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + maxVersion: + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + minVersion: + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + tokenUrl: + description: "`tokenURL` configures the URL to fetch the token from." + minLength: 1 + type: "string" + required: + - "clientId" + - "clientSecret" + - "tokenUrl" + type: "object" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" + proxyUrl: + description: "`proxyURL` defines the HTTP proxy server to use." + pattern: "^http(s)?://.+$" + type: "string" + refreshInterval: + description: "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + tlsConfig: + description: "TLS configuration applying to the target HTTP endpoint." + properties: + ca: + description: "Certificate authority used when verifying server certificates." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + cert: + description: "Client certificate to present when doing client-authentication." + properties: + configMap: + description: "ConfigMap containing data to use for the targets." + properties: + key: + description: "The key to select." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + secret: + description: "Secret containing data to use for the targets." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -3642,37 +3788,103 @@ spec: - "key" type: "object" x-kubernetes-map-type: "atomic" - maxVersion: - description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." - enum: - - "TLS10" - - "TLS11" - - "TLS12" - - "TLS13" + type: "object" + insecureSkipVerify: + description: "Disable target certificate validation." + type: "boolean" + keySecret: + description: "Secret containing the client key file for the targets." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" - minVersion: - description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." - enum: - - "TLS10" - - "TLS11" - - "TLS12" - - "TLS13" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" - serverName: - description: "Used to verify the hostname for the targets." + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + maxVersion: + description: "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + minVersion: + description: "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0." + enum: + - "TLS10" + - "TLS11" + - "TLS12" + - "TLS13" + type: "string" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + url: + description: "URL from which the targets are fetched." + minLength: 1 + pattern: "^http(s)?://.+$" + type: "string" + required: + - "url" + type: "object" + type: "array" + ionosSDConfigs: + description: "IonosSDConfigs defines a list of IONOS service discovery configurations." + items: + description: "IonosSDConfig configurations allow retrieving scrape targets from IONOS resources.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config" + properties: + authorization: + description: "Authorization` header configuration, required when using IONOS." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" type: "object" - tokenUrl: - description: "`tokenURL` configures the URL to fetch the token from." - minLength: 1 + x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" - required: - - "clientId" - - "clientSecret" - - "tokenUrl" type: "object" + datacenterID: + description: "The unique ID of the IONOS data center." + minLength: 1 + type: "string" + enableHTTP2: + description: "Configure whether to enable HTTP2." + type: "boolean" + followRedirects: + description: "Configure whether the HTTP requests should follow HTTP 3xx redirects." + type: "boolean" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." + type: "string" port: - description: "The port to scrape metrics from." + description: "Port to scrape the metrics from." + format: "int32" + maximum: 65535.0 + minimum: 0.0 type: "integer" proxyConnectHeader: additionalProperties: @@ -3705,19 +3917,11 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "The time after which the servers are refreshed." + description: "Refresh interval to re-read the list of resources." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - role: - description: "The Hetzner role of entities that should be discovered." - enum: - - "hcloud" - - "Hcloud" - - "robot" - - "Robot" - type: "string" tlsConfig: - description: "TLS configuration to use on every scrape request." + description: "TLS configuration to use when connecting to the IONOS API." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -3836,22 +4040,36 @@ spec: type: "string" type: "object" required: - - "role" + - "authorization" + - "datacenterID" type: "object" type: "array" - honorLabels: - description: "HonorLabels chooses the metric's labels on collisions with target labels." - type: "boolean" - honorTimestamps: - description: "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data." - type: "boolean" - httpSDConfigs: - description: "HTTPSDConfigs defines a list of HTTP service discovery configurations." + jobName: + description: "The value of the `job` label assigned to the scraped metrics by default.\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." + minLength: 1 + type: "string" + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." + format: "int64" + type: "integer" + kubernetesSDConfigs: + description: "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations." items: - description: "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config" + description: "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config" properties: + apiServer: + description: "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." + minLength: 1 + type: "string" + attachMetadata: + description: "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 when using the `Pod` role and\nPrometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles." + properties: + node: + description: "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles." + type: "boolean" + type: "object" authorization: - description: "Authorization header configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `oAuth2`, or `basicAuth`." + description: "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -3875,7 +4093,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oAuth2`." + description: "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -3918,11 +4136,24 @@ spec: followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" + namespaces: + description: "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces." + properties: + names: + description: "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + ownNamespace: + description: "Includes the namespace in which the Prometheus pod runs to the list of watched namespaces." + type: "boolean" + type: "object" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `authorization`, or `basicAuth`." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -4180,12 +4411,48 @@ spec: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" type: "string" - refreshInterval: - description: "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + role: + description: "Role of the Kubernetes entities that should be discovered.\nRole `Endpointslice` requires Prometheus >= v2.21.0" + enum: + - "Pod" + - "Endpoints" + - "Ingress" + - "Service" + - "Node" + - "EndpointSlice" type: "string" + selectors: + description: "Selector to select objects.\nIt requires Prometheus >= v2.17.0" + items: + description: "K8SSelectorConfig is Kubernetes Selector Config" + properties: + field: + description: "An optional field selector to limit the service discovery to resources which have fields with specific values.\ne.g: `metadata.name=foobar`" + minLength: 1 + type: "string" + label: + description: "An optional label selector to limit the service discovery to resources with specific labels and label values.\ne.g: `node.kubernetes.io/instance-type=master`" + minLength: 1 + type: "string" + role: + description: "Role specifies the type of Kubernetes resource to limit the service discovery to.\nAccepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress." + enum: + - "Pod" + - "Endpoints" + - "Ingress" + - "Service" + - "Node" + - "EndpointSlice" + type: "string" + required: + - "role" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "role" + x-kubernetes-list-type: "map" tlsConfig: - description: "TLS configuration applying to the target HTTP endpoint." + description: "TLS configuration to connect to the Kubernetes API." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -4303,41 +4570,17 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" - url: - description: "URL from which the targets are fetched." - minLength: 1 - pattern: "^http(s)?://.+$" - type: "string" required: - - "url" + - "role" type: "object" type: "array" - jobName: - description: "The value of the `job` label assigned to the scraped metrics by default.\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs." - minLength: 1 - type: "string" - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0." - format: "int64" - type: "integer" - kubernetesSDConfigs: - description: "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations." - items: - description: "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config" - properties: - apiServer: - description: "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." - minLength: 1 - type: "string" - attachMetadata: - description: "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 when using the `Pod` role and\nPrometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles." - properties: - node: - description: "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles." - type: "boolean" - type: "object" + kumaSDConfigs: + description: "KumaSDConfigs defines a list of Kuma service discovery configurations." + items: + description: "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config" + properties: authorization: - description: "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`." + description: "Authorization header to use on every scrape request." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -4361,7 +4604,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`." + description: "BasicAuth information to use on every scrape request." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -4398,25 +4641,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + clientID: + description: "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend." + type: "string" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" + fetchTimeout: + description: "The time after which the monitoring assignments are refreshed." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" - namespaces: - description: "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces." - properties: - names: - description: "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "set" - ownNamespace: - description: "Includes the namespace in which the Prometheus pod runs to the list of watched namespaces." - type: "boolean" - type: "object" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" @@ -4679,48 +4916,16 @@ spec: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" type: "string" - role: - description: "Role of the Kubernetes entities that should be discovered.\nRole `Endpointslice` requires Prometheus >= v2.21.0" - enum: - - "Pod" - - "Endpoints" - - "Ingress" - - "Service" - - "Node" - - "EndpointSlice" + refreshInterval: + description: "The time to wait between polling update requests." + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" + server: + description: "Address of the Kuma Control Plane's MADS xDS server." + minLength: 1 type: "string" - selectors: - description: "Selector to select objects.\nIt requires Prometheus >= v2.17.0" - items: - description: "K8SSelectorConfig is Kubernetes Selector Config" - properties: - field: - description: "An optional field selector to limit the service discovery to resources which have fields with specific values.\ne.g: `metadata.name=foobar`" - minLength: 1 - type: "string" - label: - description: "An optional label selector to limit the service discovery to resources with specific labels and label values.\ne.g: `node.kubernetes.io/instance-type=master`" - minLength: 1 - type: "string" - role: - description: "Role specifies the type of Kubernetes resource to limit the service discovery to.\nAccepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress." - enum: - - "Pod" - - "Endpoints" - - "Ingress" - - "Service" - - "Node" - - "EndpointSlice" - type: "string" - required: - - "role" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "role" - x-kubernetes-list-type: "map" tlsConfig: - description: "TLS configuration to connect to the Kubernetes API." + description: "TLS configuration to use on every scrape request" properties: ca: description: "Certificate authority used when verifying server certificates." @@ -4839,16 +5044,45 @@ spec: type: "string" type: "object" required: - - "role" + - "server" type: "object" type: "array" - kumaSDConfigs: - description: "KumaSDConfigs defines a list of Kuma service discovery configurations." + labelLimit: + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + labelNameLengthLimit: + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + labelValueLengthLimit: + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." + format: "int64" + type: "integer" + lightSailSDConfigs: + description: "LightsailSDConfigs defines a list of Lightsail service discovery configurations." items: - description: "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config" + description: "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config" properties: + accessKey: + description: "AccessKey is the AWS API key." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" authorization: - description: "Authorization header to use on every scrape request." + description: "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -4872,7 +5106,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to use on every scrape request." + description: "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -4909,24 +5143,21 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" - clientID: - description: "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend." - type: "string" enableHTTP2: - description: "Whether to enable HTTP2." + description: "Configure whether to enable HTTP2." type: "boolean" - fetchTimeout: - description: "The time after which the monitoring assignments are refreshed." - pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + endpoint: + description: "Custom endpoint to be used." + minLength: 1 type: "string" followRedirects: - description: "Configure whether HTTP requests follow HTTP 3xx redirects." + description: "Configure whether the HTTP requests should follow HTTP 3xx redirects." type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`." + description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -5154,6 +5385,12 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + port: + description: "Port to scrape the metrics from.\nIf using the public IP address, this must instead be specified in the relabeling rule." + format: "int32" + maximum: 65535.0 + minimum: 0.0 + type: "integer" proxyConnectHeader: additionalProperties: items: @@ -5185,15 +5422,35 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "The time to wait between polling update requests." + description: "Refresh interval to re-read the list of instances." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" - server: - description: "Address of the Kuma Control Plane's MADS xDS server." + region: + description: "The AWS region." minLength: 1 type: "string" + roleARN: + description: "AWS Role ARN, an alternative to using AWS API keys." + type: "string" + secretKey: + description: "SecretKey is the AWS API secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" tlsConfig: - description: "TLS configuration to use on every scrape request" + description: "TLS configuration to connect to the Puppet DB." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -5304,97 +5561,25 @@ spec: enum: - "TLS10" - "TLS11" - - "TLS12" - - "TLS13" - type: "string" - serverName: - description: "Used to verify the hostname for the targets." - type: "string" - type: "object" - required: - - "server" - type: "object" - type: "array" - labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." - format: "int64" - type: "integer" - lightSailSDConfigs: - description: "LightsailSDConfigs defines a list of Lightsail service discovery configurations." - items: - description: "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config" - properties: - accessKey: - description: "AccessKey is the AWS API key." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - authorization: - description: "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`." - properties: - credentials: - description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: - description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" - type: "string" - type: "object" - basicAuth: - description: "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`." - properties: - password: - description: "`password` specifies a key of a Secret containing the password for\nauthentication." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - username: - description: "`username` specifies a key of a Secret containing the username for\nauthentication." + - "TLS12" + - "TLS13" + type: "string" + serverName: + description: "Used to verify the hostname for the targets." + type: "string" + type: "object" + type: "object" + type: "array" + linodeSDConfigs: + description: "LinodeSDConfigs defines a list of Linode service discovery configurations." + items: + description: "LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config" + properties: + authorization: + description: "Authorization header configuration." + properties: + credentials: + description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -5410,22 +5595,21 @@ spec: - "key" type: "object" x-kubernetes-map-type: "atomic" + type: + description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" + type: "string" type: "object" enableHTTP2: - description: "Configure whether to enable HTTP2." + description: "Whether to enable HTTP2." type: "boolean" - endpoint: - description: "Custom endpoint to be used." - minLength: 1 - type: "string" followRedirects: - description: "Configure whether the HTTP requests should follow HTTP 3xx redirects." + description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." + description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -5654,7 +5838,7 @@ spec: - "tokenUrl" type: "object" port: - description: "Port to scrape the metrics from.\nIf using the public IP address, this must instead be specified in the relabeling rule." + description: "Default port to scrape metrics from." format: "int32" maximum: 65535.0 minimum: 0.0 @@ -5690,35 +5874,19 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Refresh interval to re-read the list of instances." + description: "Time after which the linode instances are refreshed." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" region: - description: "The AWS region." + description: "Optional region to filter on." minLength: 1 type: "string" - roleARN: - description: "AWS Role ARN, an alternative to using AWS API keys." + tagSeparator: + description: "The string by which Linode Instance tags are joined into the tag label." + minLength: 1 type: "string" - secretKey: - description: "SecretKey is the AWS API secret." - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" tlsConfig: - description: "TLS configuration to connect to the Puppet DB." + description: "TLS configuration applying to the target HTTP endpoint." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -5838,13 +6006,81 @@ spec: type: "object" type: "object" type: "array" - linodeSDConfigs: - description: "LinodeSDConfigs defines a list of Linode service discovery configurations." + metricRelabelings: + description: "MetricRelabelConfigs to apply to samples before ingestion." items: - description: "LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: "replace" + description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" + enum: + - "replace" + - "Replace" + - "keep" + - "Keep" + - "drop" + - "Drop" + - "hashmod" + - "HashMod" + - "labelmap" + - "LabelMap" + - "labeldrop" + - "LabelDrop" + - "labelkeep" + - "LabelKeep" + - "lowercase" + - "Lowercase" + - "uppercase" + - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" + type: "string" + modulus: + description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." + format: "int64" + type: "integer" + regex: + description: "Regular expression against which the extracted value is matched." + type: "string" + replacement: + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." + type: "string" + separator: + description: "Separator is the string between concatenated SourceLabels." + type: "string" + sourceLabels: + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." + items: + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." + pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" + type: "string" + type: "array" + targetLabel: + description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." + type: "string" + type: "object" + minItems: 1 + type: "array" + metricsPath: + description: "MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics)." + minLength: 1 + type: "string" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." + type: "string" + nomadSDConfigs: + description: "NomadSDConfigs defines a list of Nomad service discovery configurations." + items: + description: "NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config" properties: + allowStale: + description: "The information to access the Nomad API. It is to be defined\nas the Nomad documentation requires." + type: "boolean" authorization: - description: "Authorization header configuration." + description: "Authorization header to use on every scrape request." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -5867,17 +6103,57 @@ spec: description: "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"" type: "string" type: "object" + basicAuth: + description: "BasicAuth information to use on every scrape request." + properties: + password: + description: "`password` specifies a key of a Secret containing the password for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + username: + description: "`username` specifies a key of a Secret containing the username for\nauthentication." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects." type: "boolean" + namespace: + type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." type: "string" oauth2: - description: "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`." + description: "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -6105,12 +6381,6 @@ spec: - "clientSecret" - "tokenUrl" type: "object" - port: - description: "Default port to scrape metrics from." - format: "int32" - maximum: 65535.0 - minimum: 0.0 - type: "integer" proxyConnectHeader: additionalProperties: items: @@ -6142,16 +6412,15 @@ spec: pattern: "^http(s)?://.+$" type: "string" refreshInterval: - description: "Time after which the linode instances are refreshed." + description: "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" region: - description: "Optional region to filter on." + type: "string" + server: minLength: 1 type: "string" tagSeparator: - description: "The string by which Linode Instance tags are joined into the tag label." - minLength: 1 type: "string" tlsConfig: description: "TLS configuration applying to the target HTTP endpoint." @@ -6272,73 +6541,12 @@ spec: description: "Used to verify the hostname for the targets." type: "string" type: "object" + required: + - "server" type: "object" type: "array" - metricRelabelings: - description: "MetricRelabelConfigs to apply to samples before ingestion." - items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: "replace" - description: "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"" - enum: - - "replace" - - "Replace" - - "keep" - - "Keep" - - "drop" - - "Drop" - - "hashmod" - - "HashMod" - - "labelmap" - - "LabelMap" - - "labeldrop" - - "LabelDrop" - - "labelkeep" - - "LabelKeep" - - "lowercase" - - "Lowercase" - - "uppercase" - - "Uppercase" - - "keepequal" - - "KeepEqual" - - "dropequal" - - "DropEqual" - type: "string" - modulus: - description: "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`." - format: "int64" - type: "integer" - regex: - description: "Regular expression against which the extracted value is matched." - type: "string" - replacement: - description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available." - type: "string" - separator: - description: "Separator is the string between concatenated SourceLabels." - type: "string" - sourceLabels: - description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." - items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." - pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" - type: "string" - type: "array" - targetLabel: - description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." - type: "string" - type: "object" - type: "array" - metricsPath: - description: "MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics)." - type: "string" - noProxy: - description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0." - type: "string" oauth2: - description: "OAuth2 client credentials used to fetch a token for the targets." + description: "OAuth2 configuration to use on every scrape request." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -7431,6 +7639,7 @@ spec: description: "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available." type: "string" type: "object" + minItems: 1 type: "array" sampleLimit: description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted." @@ -7689,6 +7898,7 @@ spec: - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" type: "string" + minItems: 1 type: "array" x-kubernetes-list-type: "set" scrapeTimeout: diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml index 80af292e8..caa039405 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml @@ -34,12 +34,37 @@ spec: description: "spec defines the desired state of the operator." properties: scyllaUtilsImage: - description: "scyllaUtilsImage is a Scylla image used for running scylla utilities." - minLength: 1 + description: "scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities." + type: "string" + unsupportedBashToolsImageOverride: + description: "unsupportedBashToolsImageOverride allows to adjust a generic Bash image with extra tools used by the operator for auxiliary purposes. Setting this field renders your cluster unsupported. Use at your own risk." + type: "string" + unsupportedGrafanaImageOverride: + description: "unsupportedGrafanaImageOverride allows to adjust Grafana image used by the operator for testing, dev or emergencies. Setting this field renders your cluster unsupported. Use at your own risk." + type: "string" + unsupportedPrometheusVersionOverride: + description: "unsupportedPrometheusVersionOverride allows to adjust Prometheus version used by the operator for testing, dev or emergencies. Setting this field renders your cluster unsupported. Use at your own risk." type: "string" type: "object" status: description: "status defines the observed state of the operator." + properties: + bashToolsImage: + description: "bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes." + type: "string" + grafanaImage: + description: "grafanaImage is the image used by the operator to create a Grafana instance." + type: "string" + observedGeneration: + description: "observedGeneration is the most recent generation observed for this ScyllaOperatorConfig. It corresponds to the ScyllaOperatorConfig's generation, which is updated on mutation by the API Server." + format: "int64" + type: "integer" + prometheusVersion: + description: "prometheusVersion is the Prometheus version used by the operator to create a Prometheus instance." + type: "string" + scyllaDBUtilsImage: + description: "scyllaDBUtilsImage is the ScyllaDB image used for running ScyllaDB utilities." + type: "string" type: "object" type: "object" served: true diff --git a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml index 72145439a..31c6d6f36 100644 --- a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml +++ b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml @@ -646,6 +646,11 @@ spec: type: "string" x-kubernetes-int-or-string: true type: "object" + frontChannelLogout: + properties: + path: + type: "string" + type: "object" headers: properties: accessTokenHeader: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index 070ea9d97..2f40d23d8 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -547,6 +547,163 @@ spec: disable: type: "boolean" type: "object" + jwtProvidersStaged: + properties: + afterExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + beforeExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + type: "object" jwtStaged: properties: afterExtAuth: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index fb119e1f8..28c2252f6 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -657,6 +657,163 @@ spec: disable: type: "boolean" type: "object" + jwtProvidersStaged: + properties: + afterExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + beforeExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + type: "object" jwtStaged: properties: afterExtAuth: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 94e817615..b1c5b5673 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -3661,6 +3661,163 @@ spec: disable: type: "boolean" type: "object" + jwtProvidersStaged: + properties: + afterExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + beforeExtAuth: + properties: + allowMissingOrFailedJwt: + type: "boolean" + providers: + additionalProperties: + properties: + audiences: + items: + type: "string" + type: "array" + claimsToHeaders: + items: + properties: + append: + type: "boolean" + claim: + type: "string" + header: + type: "string" + type: "object" + type: "array" + clockSkewSeconds: + maximum: 4294967295.0 + minimum: 0.0 + nullable: true + type: "integer" + issuer: + type: "string" + jwks: + properties: + local: + properties: + key: + type: "string" + type: "object" + remote: + properties: + asyncFetch: + properties: + fastListener: + type: "boolean" + type: "object" + cacheDuration: + type: "string" + upstreamRef: + properties: + name: + type: "string" + namespace: + type: "string" + type: "object" + url: + type: "string" + type: "object" + type: "object" + keepToken: + type: "boolean" + tokenSource: + properties: + headers: + items: + properties: + header: + type: "string" + prefix: + type: "string" + type: "object" + type: "array" + queryParams: + items: + type: "string" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" + type: "object" jwtStaged: properties: afterExtAuth: diff --git a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml index 3b8bb4bdb..f4c0d1152 100644 --- a/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml +++ b/crd-catalog/traefik/traefik/traefik.io/v1alpha1/traefikservices.yaml @@ -87,6 +87,9 @@ spec: description: "MaxBodySize defines the maximum size allowed for the body of the request.\nIf the body is larger, the request is not mirrored.\nDefault value is -1, which means unlimited size." format: "int64" type: "integer" + mirrorBody: + description: "MirrorBody defines whether the body of the request should be mirrored.\nDefault value is true." + type: "boolean" mirrors: description: "Mirrors defines the list of mirrors where Traefik will duplicate the traffic." items: diff --git a/crd-catalog/volcano-sh/volcano/scheduling.volcano.sh/v1beta1/queues.yaml b/crd-catalog/volcano-sh/volcano/scheduling.volcano.sh/v1beta1/queues.yaml index 1632e86cf..3cabf8920 100644 --- a/crd-catalog/volcano-sh/volcano/scheduling.volcano.sh/v1beta1/queues.yaml +++ b/crd-catalog/volcano-sh/volcano/scheduling.volcano.sh/v1beta1/queues.yaml @@ -115,6 +115,10 @@ spec: parent: description: "Parent define the parent of queue" type: "string" + priority: + description: "Priority define the priority of queue. Higher values are prioritized for scheduling and considered later during reclamation." + format: "int32" + type: "integer" reclaimable: description: "Reclaimable indicate whether the queue can be reclaimed by other queue" type: "boolean" diff --git a/kube-custom-resources-rs/src/acmpca_services_k8s_aws/v1alpha1/certificates.rs b/kube-custom-resources-rs/src/acmpca_services_k8s_aws/v1alpha1/certificates.rs index c8c9140d3..7a4f6b7bd 100644 --- a/kube-custom-resources-rs/src/acmpca_services_k8s_aws/v1alpha1/certificates.rs +++ b/kube-custom-resources-rs/src/acmpca_services_k8s_aws/v1alpha1/certificates.rs @@ -49,6 +49,10 @@ pub struct CertificateSpec { /// name: my-api #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateAuthorityRef")] pub certificate_authority_ref: Option, + /// SecretKeyReference combines a k8s corev1.SecretReference with a + /// specific key within the referred-to Secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateOutput")] + pub certificate_output: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateSigningRequest")] pub certificate_signing_request: Option, /// AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference @@ -432,6 +436,20 @@ pub struct CertificateCertificateAuthorityRefFrom { pub namespace: Option, } +/// SecretKeyReference combines a k8s corev1.SecretReference with a +/// specific key within the referred-to Secret +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CertificateCertificateOutput { + /// Key is the key within the secret + pub key: String, + /// name is unique within a namespace to reference a secret resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// namespace defines the space within which the secret name must be unique. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + /// AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference /// type to provide more user friendly syntax for references using 'from' field /// Ex: diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxbrokers.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxbrokers.rs index 947bd1ae3..36ae9cd7b 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxbrokers.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxbrokers.rs @@ -356,8 +356,7 @@ pub struct EmqxBrokerEmqxTemplate { pub extra_volume_mounts: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraVolumes")] pub extra_volumes: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub image: Option, + pub image: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxenterprises.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxenterprises.rs index e8de789a6..10cefbd44 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxenterprises.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxenterprises.rs @@ -356,8 +356,7 @@ pub struct EmqxEnterpriseEmqxTemplate { pub extra_volume_mounts: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraVolumes")] pub extra_volumes: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub image: Option, + pub image: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxplugins.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxplugins.rs index fd697d0eb..2be5a98c7 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxplugins.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta3/emqxplugins.rs @@ -20,10 +20,9 @@ use self::prelude::*; pub struct EmqxPluginSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option>, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginName")] - pub plugin_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option>, + #[serde(rename = "pluginName")] + pub plugin_name: String, + pub selector: BTreeMap, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxbrokers.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxbrokers.rs index e9225e6e5..d4568af19 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxbrokers.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxbrokers.rs @@ -710,8 +710,7 @@ pub struct EmqxBrokerTemplateSpecEmqxContainerImage { pub repository: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub suffix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub version: Option, + pub version: String, } #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxenterprises.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxenterprises.rs index 4879a50a8..a1b41cedc 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxenterprises.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxenterprises.rs @@ -742,8 +742,7 @@ pub struct EmqxEnterpriseTemplateSpecEmqxContainerImage { pub repository: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub suffix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub version: Option, + pub version: String, } #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxplugins.rs b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxplugins.rs index fc53da24d..d050a9cbf 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxplugins.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v1beta4/emqxplugins.rs @@ -19,9 +19,8 @@ use self::prelude::*; pub struct EmqxPluginSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub config: Option>, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "pluginName")] - pub plugin_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option>, + #[serde(rename = "pluginName")] + pub plugin_name: String, + pub selector: BTreeMap, } diff --git a/kube-custom-resources-rs/src/apps_emqx_io/v2alpha1/emqxes.rs b/kube-custom-resources-rs/src/apps_emqx_io/v2alpha1/emqxes.rs index fe3bc5793..2fbf8edc8 100644 --- a/kube-custom-resources-rs/src/apps_emqx_io/v2alpha1/emqxes.rs +++ b/kube-custom-resources-rs/src/apps_emqx_io/v2alpha1/emqxes.rs @@ -2977,8 +2977,7 @@ pub struct EMQXDashboardServiceTemplateStatusLoadBalancerIngress { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EMQXDashboardServiceTemplateStatusLoadBalancerIngressPorts { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, pub port: i32, pub protocol: String, } @@ -3114,8 +3113,7 @@ pub struct EMQXListenersServiceTemplateStatusLoadBalancerIngress { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct EMQXListenersServiceTemplateStatusLoadBalancerIngressPorts { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, pub port: i32, pub protocol: String, } diff --git a/kube-custom-resources-rs/src/camel_apache_org/v1/kamelets.rs b/kube-custom-resources-rs/src/camel_apache_org/v1/kamelets.rs index 1042a0142..a07cdaf47 100644 --- a/kube-custom-resources-rs/src/camel_apache_org/v1/kamelets.rs +++ b/kube-custom-resources-rs/src/camel_apache_org/v1/kamelets.rs @@ -39,6 +39,11 @@ pub struct KameletSpec { /// Deprecated: In favor of using DataTypes #[serde(default, skip_serializing_if = "Option::is_none")] pub types: Option>, + /// the optional versions available for this Kamelet. This field may not be taken in account by Camel core and is meant to support + /// any user defined versioning model on cluster only. If the user wants to use any given version, she must materialize a file with the given version spec + /// as the `main` Kamelet spec on the runtime. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub versions: Option>, } /// data specification types for the events consumed/produced by the Kamelet @@ -538,6 +543,529 @@ pub struct KameletTypesSchemaProperties { pub x_descriptors: Option>, } +/// the optional versions available for this Kamelet. This field may not be taken in account by Camel core and is meant to support +/// any user defined versioning model on cluster only. If the user wants to use any given version, she must materialize a file with the given version spec +/// as the `main` Kamelet spec on the runtime. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersions { + /// data specification types for the events consumed/produced by the Kamelet + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataTypes")] + pub data_types: Option>, + /// defines the formal configuration of the Kamelet + #[serde(default, skip_serializing_if = "Option::is_none")] + pub definition: Option, + /// Camel dependencies needed by the Kamelet + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dependencies: Option>, + /// sources in any Camel DSL supported + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sources: Option>, + /// the main source in YAML DSL + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option>, + /// data specification types for the events consumed/produced by the Kamelet + /// Deprecated: In favor of using DataTypes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub types: Option>, +} + +/// data specification types for the events consumed/produced by the Kamelet +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypes { + /// the default data type for this Kamelet + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// one to many header specifications + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// one to many data type specifications + #[serde(default, skip_serializing_if = "Option::is_none")] + pub types: Option>, +} + +/// one to many header specifications +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub required: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// one to many data type specifications +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesTypes { + /// the list of Camel or Maven dependencies required by the data type + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dependencies: Option>, + /// optional description + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// the data type format name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + /// one to many header specifications + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// media type as expected for HTTP media types (ie, application/json) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mediaType")] + pub media_type: Option, + /// the expected schema for the data type + #[serde(default, skip_serializing_if = "Option::is_none")] + pub schema: Option, + /// the data type component scheme + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scheme: Option, +} + +/// one to many header specifications +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesTypesHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub required: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// the expected schema for the data type +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesTypesSchema { + /// JSONSchemaURL represents a schema url. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "$schema")] + pub schema: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + /// ExternalDocumentation allows referencing an external resource for extended documentation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDocs")] + pub external_docs: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub required: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// ExternalDocumentation allows referencing an external resource for extended documentation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesTypesSchemaExternalDocs { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDataTypesTypesSchemaProperties { + /// default is a default value for undefined object fields. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deprecated: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enum")] + pub r#enum: Option>>, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMaximum")] + pub exclusive_maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMinimum")] + pub exclusive_minimum: Option, + /// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + /// + /// + /// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + /// - uri: an URI as parsed by Golang net/url.ParseRequestURI + /// - email: an email address as parsed by Golang net/mail.ParseAddress + /// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + /// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + /// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + /// - cidr: a CIDR as parsed by Golang net.ParseCIDR + /// - mac: a MAC address as parsed by Golang net.ParseMAC + /// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + /// - isbn10: an ISBN10 number string like "0321751043" + /// - isbn13: an ISBN13 number string like "978-0321751041" + /// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + /// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + /// - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + /// - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + /// - byte: base64 encoded binary data + /// - password: any kind of string + /// - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + /// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + /// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxItems")] + pub max_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxLength")] + pub max_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxProperties")] + pub max_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minItems")] + pub min_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minLength")] + pub min_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minProperties")] + pub min_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub minimum: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "multipleOf")] + pub multiple_of: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nullable: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pattern: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "uniqueItems")] + pub unique_items: Option, + /// XDescriptors is a list of extended properties that trigger a custom behavior in external systems + #[serde(default, skip_serializing_if = "Option::is_none", rename = "x-descriptors")] + pub x_descriptors: Option>, +} + +/// defines the formal configuration of the Kamelet +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDefinition { + /// JSONSchemaURL represents a schema url. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "$schema")] + pub schema: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + /// ExternalDocumentation allows referencing an external resource for extended documentation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDocs")] + pub external_docs: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub required: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// ExternalDocumentation allows referencing an external resource for extended documentation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDefinitionExternalDocs { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsDefinitionProperties { + /// default is a default value for undefined object fields. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deprecated: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enum")] + pub r#enum: Option>>, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMaximum")] + pub exclusive_maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMinimum")] + pub exclusive_minimum: Option, + /// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + /// + /// + /// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + /// - uri: an URI as parsed by Golang net/url.ParseRequestURI + /// - email: an email address as parsed by Golang net/mail.ParseAddress + /// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + /// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + /// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + /// - cidr: a CIDR as parsed by Golang net.ParseCIDR + /// - mac: a MAC address as parsed by Golang net.ParseMAC + /// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + /// - isbn10: an ISBN10 number string like "0321751043" + /// - isbn13: an ISBN13 number string like "978-0321751041" + /// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + /// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + /// - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + /// - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + /// - byte: base64 encoded binary data + /// - password: any kind of string + /// - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + /// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + /// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxItems")] + pub max_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxLength")] + pub max_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxProperties")] + pub max_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minItems")] + pub min_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minLength")] + pub min_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minProperties")] + pub min_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub minimum: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "multipleOf")] + pub multiple_of: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nullable: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pattern: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "uniqueItems")] + pub unique_items: Option, + /// XDescriptors is a list of extended properties that trigger a custom behavior in external systems + #[serde(default, skip_serializing_if = "Option::is_none", rename = "x-descriptors")] + pub x_descriptors: Option>, +} + +/// SourceSpec defines the configuration for one or more routes to be executed in a certain Camel DSL language. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsSources { + /// if the content is compressed (base64 encrypted) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub compression: Option, + /// the source code (plain text) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub content: Option, + /// the confimap key holding the source content + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentKey")] + pub content_key: Option, + /// the confimap reference holding the source content + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentRef")] + pub content_ref: Option, + /// the content type (tipically text or binary) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// True if the spec is generated from a Kamelet + #[serde(default, skip_serializing_if = "Option::is_none", rename = "from-kamelet")] + pub from_kamelet: Option, + /// Interceptors are optional identifiers the org.apache.camel.k.RoutesLoader + /// uses to pre/post process sources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub interceptors: Option>, + /// specify which is the language (Camel DSL) used to interpret this source code + #[serde(default, skip_serializing_if = "Option::is_none")] + pub language: Option, + /// Loader is an optional id of the org.apache.camel.k.RoutesLoader that will + /// interpret this source at runtime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub loader: Option, + /// the name of the specification + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// the path where the file is stored + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// List of property names defined in the source (e.g. if type is "template") + #[serde(default, skip_serializing_if = "Option::is_none", rename = "property-names")] + pub property_names: Option>, + /// the source code (binary) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rawContent")] + pub raw_content: Option, + /// Type defines the kind of source described by this object + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// data specification types for the events consumed/produced by the Kamelet +/// Deprecated: In favor of using DataTypes +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsTypes { + /// media type as expected for HTTP media types (ie, application/json) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mediaType")] + pub media_type: Option, + /// the expected schema for the event + #[serde(default, skip_serializing_if = "Option::is_none")] + pub schema: Option, +} + +/// the expected schema for the event +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsTypesSchema { + /// JSONSchemaURL represents a schema url. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "$schema")] + pub schema: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + /// ExternalDocumentation allows referencing an external resource for extended documentation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalDocs")] + pub external_docs: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub required: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// ExternalDocumentation allows referencing an external resource for extended documentation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsTypesSchemaExternalDocs { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct KameletVersionsTypesSchemaProperties { + /// default is a default value for undefined object fields. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deprecated: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enum")] + pub r#enum: Option>>, + /// JSON represents any valid JSON value. + /// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub example: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMaximum")] + pub exclusive_maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "exclusiveMinimum")] + pub exclusive_minimum: Option, + /// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + /// + /// + /// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + /// - uri: an URI as parsed by Golang net/url.ParseRequestURI + /// - email: an email address as parsed by Golang net/mail.ParseAddress + /// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + /// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + /// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + /// - cidr: a CIDR as parsed by Golang net.ParseCIDR + /// - mac: a MAC address as parsed by Golang net.ParseMAC + /// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + /// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + /// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + /// - isbn10: an ISBN10 number string like "0321751043" + /// - isbn13: an ISBN13 number string like "978-0321751041" + /// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + /// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + /// - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + /// - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + /// - byte: base64 encoded binary data + /// - password: any kind of string + /// - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + /// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + /// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub format: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub id: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxItems")] + pub max_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxLength")] + pub max_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxProperties")] + pub max_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub maximum: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minItems")] + pub min_items: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minLength")] + pub min_length: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minProperties")] + pub min_properties: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub minimum: Option, + /// A Number represents a JSON number literal. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "multipleOf")] + pub multiple_of: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nullable: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pattern: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub title: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "uniqueItems")] + pub unique_items: Option, + /// XDescriptors is a list of extended properties that trigger a custom behavior in external systems + #[serde(default, skip_serializing_if = "Option::is_none", rename = "x-descriptors")] + pub x_descriptors: Option>, +} + /// the actual status of the resource /// Deprecated no longer in use #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs index 8448789fc..c42398a2a 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs @@ -152,6 +152,9 @@ pub struct ConfigurationCatchCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -495,6 +498,9 @@ pub struct ConfigurationCatchScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs index a7352937a..419910a61 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs @@ -151,6 +151,9 @@ pub struct TestCatchCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -494,6 +497,9 @@ pub struct TestCatchScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -792,6 +798,9 @@ pub struct TestStepsCatchCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -1135,6 +1144,9 @@ pub struct TestStepsCatchScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -1339,6 +1351,9 @@ pub struct TestStepsCleanupCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -1682,6 +1697,9 @@ pub struct TestStepsCleanupScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -1905,6 +1923,9 @@ pub struct TestStepsFinallyCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -2248,6 +2269,9 @@ pub struct TestStepsFinallyScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -2631,6 +2655,9 @@ pub struct TestStepsTryCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -3243,6 +3270,9 @@ pub struct TestStepsTryScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs index 954015540..11cdb96db 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs @@ -182,6 +182,9 @@ pub struct ConfigurationErrorCatchCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -525,6 +528,9 @@ pub struct ConfigurationErrorCatchScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs index 59837cf75..a4cf02e6f 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs @@ -178,6 +178,9 @@ pub struct TestErrorCatchCommand { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. @@ -521,6 +524,9 @@ pub struct TestErrorCatchScript { /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, + /// WorkDir is the working directory for script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workDir")] + pub work_dir: Option, } /// Binding represents a key/value set as a binding in an executing test. diff --git a/kube-custom-resources-rs/src/cloudfront_services_k8s_aws/v1alpha1/responseheaderspolicies.rs b/kube-custom-resources-rs/src/cloudfront_services_k8s_aws/v1alpha1/responseheaderspolicies.rs index b10a673ba..bb5e58354 100644 --- a/kube-custom-resources-rs/src/cloudfront_services_k8s_aws/v1alpha1/responseheaderspolicies.rs +++ b/kube-custom-resources-rs/src/cloudfront_services_k8s_aws/v1alpha1/responseheaderspolicies.rs @@ -298,8 +298,8 @@ pub struct ResponseHeadersPolicyResponseHeadersPolicyConfigSecurityHeadersConfig /// For more information about the X-XSS-Protection HTTP response header, see /// X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) /// in the MDN Web Docs. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "xSSProtection")] - pub x_ss_protection: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "xssProtection")] + pub xss_protection: Option, } /// The policy directives and their values that CloudFront includes as values @@ -387,7 +387,7 @@ pub struct ResponseHeadersPolicyResponseHeadersPolicyConfigSecurityHeadersConfig /// X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) /// in the MDN Web Docs. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ResponseHeadersPolicyResponseHeadersPolicyConfigSecurityHeadersConfigXSsProtection { +pub struct ResponseHeadersPolicyResponseHeadersPolicyConfigSecurityHeadersConfigXssProtection { #[serde(default, skip_serializing_if = "Option::is_none", rename = "modeBlock")] pub mode_block: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "override")] diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs index 6791e8159..8171dd387 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs @@ -380,6 +380,9 @@ pub struct ActionSetEnvFromSecretRef { /// Specifies the restore action. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ActionSetRestore { + /// Determines if a base backup is required during restoration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "baseBackupRequired")] + pub base_backup_required: Option, /// Specifies the actions that should be executed after the data has been prepared and is ready for restoration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "postReady")] pub post_ready: Option>, diff --git a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs index bfcf36577..c7427463d 100644 --- a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs +++ b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinkdeployments.rs @@ -100,8 +100,6 @@ pub struct FlinkDeploymentJob { pub checkpoint_trigger_nonce: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "entryClass")] pub entry_class: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "flinkStateSnapshotReference")] - pub flink_state_snapshot_reference: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialSavepointPath")] pub initial_savepoint_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "jarURI")] @@ -118,16 +116,6 @@ pub struct FlinkDeploymentJob { pub upgrade_mode: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlinkDeploymentJobFlinkStateSnapshotReference { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum FlinkDeploymentJobState { #[serde(rename = "running")] @@ -11530,8 +11518,8 @@ pub struct FlinkDeploymentStatusJobStatus { pub state: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateTime")] pub update_time: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeSnapshotReference")] - pub upgrade_snapshot_reference: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeSavepointPath")] + pub upgrade_savepoint_path: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -11718,16 +11706,6 @@ pub enum FlinkDeploymentStatusJobStatusSavepointInfoTriggerType { Upgrade, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlinkDeploymentStatusJobStatusUpgradeSnapshotReference { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum FlinkDeploymentStatusLifecycleState { #[serde(rename = "CREATED")] diff --git a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinksessionjobs.rs b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinksessionjobs.rs index e90df6985..0478ca2ff 100644 --- a/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinksessionjobs.rs +++ b/kube-custom-resources-rs/src/flink_apache_org/v1beta1/flinksessionjobs.rs @@ -38,8 +38,6 @@ pub struct FlinkSessionJobJob { pub checkpoint_trigger_nonce: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "entryClass")] pub entry_class: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "flinkStateSnapshotReference")] - pub flink_state_snapshot_reference: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialSavepointPath")] pub initial_savepoint_path: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "jarURI")] @@ -56,16 +54,6 @@ pub struct FlinkSessionJobJob { pub upgrade_mode: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlinkSessionJobJobFlinkStateSnapshotReference { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum FlinkSessionJobJobState { #[serde(rename = "running")] @@ -114,8 +102,8 @@ pub struct FlinkSessionJobStatusJobStatus { pub state: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateTime")] pub update_time: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeSnapshotReference")] - pub upgrade_snapshot_reference: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeSavepointPath")] + pub upgrade_savepoint_path: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -302,16 +290,6 @@ pub enum FlinkSessionJobStatusJobStatusSavepointInfoTriggerType { Upgrade, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlinkSessionJobStatusJobStatusUpgradeSnapshotReference { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum FlinkSessionJobStatusLifecycleState { #[serde(rename = "CREATED")] diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs index c6e0e6559..65ea121ec 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs @@ -107,6 +107,8 @@ pub struct FlowCollectorAgentEbpf { /// If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
/// - `DNSTracking`: enable the DNS tracking feature.
/// - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
+ /// - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting + /// the kernel debug filesystem, so the eBPF pod has to run as privileged. #[serde(default, skip_serializing_if = "Option::is_none")] pub features: Option>, /// `flowFilter` defines the eBPF agent configuration regarding flow filtering diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs index ed86afe31..4d2acf4a1 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs @@ -108,6 +108,8 @@ pub struct FlowCollectorAgentEbpf { /// If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
/// - `DNSTracking`: enable the DNS tracking feature.
/// - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
+ /// - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting + /// the kernel debug filesystem, so the eBPF pod has to run as privileged. #[serde(default, skip_serializing_if = "Option::is_none")] pub features: Option>, /// `flowFilter` defines the eBPF agent configuration regarding flow filtering. diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs index 982f725e8..4976b95bc 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs @@ -30,6 +30,9 @@ pub struct ClusterInputSpec { /// Dummy defines Dummy Input configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub dummy: Option, + /// ExecWasi defines the exec wasi input plugin configuration + #[serde(default, skip_serializing_if = "Option::is_none", rename = "execWasi")] + pub exec_wasi: Option, /// FluentBitMetrics defines Fluent Bit Metrics Input configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fluentBitMetrics")] pub fluent_bit_metrics: Option, @@ -125,6 +128,37 @@ pub struct ClusterInputDummy { pub tag: Option, } +/// ExecWasi defines the exec wasi input plugin configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterInputExecWasi { + /// Specify the whitelist of paths to be able to access paths from WASM programs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessiblePaths")] + pub accessible_paths: Option>, + /// Size of the buffer (check unit sizes for allowed values) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bufSize")] + pub buf_size: Option, + /// Polling interval (nanoseconds). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "intervalNSec")] + pub interval_n_sec: Option, + /// Polling interval (seconds). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "intervalSec")] + pub interval_sec: Option, + /// Specify the name of a parser to interpret the entry as a structured message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub parser: Option, + /// Indicates whether to run this input in its own thread. Default: false. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub threaded: Option, + /// The place of a WASM program file. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasiPath")] + pub wasi_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmHeapSize")] + pub wasm_heap_size: Option, + /// Size of the stack size of Wasm execution. Review unit sizes for allowed values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wasmStackSize")] + pub wasm_stack_size: Option, +} + /// FluentBitMetrics defines Fluent Bit Metrics Input configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterInputFluentBitMetrics { diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/gateways.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/gateways.rs index 5bb1cd874..28c57cc1d 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/gateways.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/gateways.rs @@ -49,6 +49,16 @@ pub struct GatewaySpec { /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, + /// BackendTLS configures TLS settings for when this Gateway is connecting to + /// backends with TLS. + /// + /// + /// Support: Core + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendTLS")] + pub backend_tls: Option, /// GatewayClassName used for this Gateway. This is the name of a /// GatewayClass resource. #[serde(rename = "gatewayClassName")] @@ -56,10 +66,7 @@ pub struct GatewaySpec { /// Infrastructure defines infrastructure level attributes about this Gateway instance. /// /// - /// Support: Core - /// - /// - /// + /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub infrastructure: Option, /// Listeners associated with this Gateway. Listeners define @@ -223,7 +230,58 @@ pub struct GatewayAddresses { pub value: String, } -/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// BackendTLS configures TLS settings for when this Gateway is connecting to +/// backends with TLS. +/// +/// +/// Support: Core +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GatewayBackendTls { + /// ClientCertificateRef is a reference to an object that contains a Client + /// Certificate and the associated private key. + /// + /// + /// References to a resource in different namespace are invalid UNLESS there + /// is a ReferenceGrant in the target namespace that allows the certificate + /// to be attached. If a ReferenceGrant does not allow this reference, the + /// "ResolvedRefs" condition MUST be set to False for this listener with the + /// "RefNotPermitted" reason. + /// + /// + /// ClientCertificateRef can reference to standard Kubernetes resources, i.e. + /// Secret, or implementation-specific custom resources. + /// + /// + /// This setting can be overridden on the service level by use of BackendTLSPolicy. + /// + /// + /// Support: Core + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificateRef")] + pub client_certificate_ref: Option, +} + +/// ClientCertificateRef is a reference to an object that contains a Client +/// Certificate and the associated private key. +/// +/// +/// References to a resource in different namespace are invalid UNLESS there +/// is a ReferenceGrant in the target namespace that allows the certificate +/// to be attached. If a ReferenceGrant does not allow this reference, the +/// "ResolvedRefs" condition MUST be set to False for this listener with the +/// "RefNotPermitted" reason. +/// +/// +/// ClientCertificateRef can reference to standard Kubernetes resources, i.e. +/// Secret, or implementation-specific custom resources. +/// +/// +/// This setting can be overridden on the service level by use of BackendTLSPolicy. /// /// /// Support: Core @@ -231,6 +289,36 @@ pub struct GatewayAddresses { /// /// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GatewayBackendTlsClientCertificateRef { + /// Group is the group of the referent. For example, "gateway.networking.k8s.io". + /// When unspecified or empty string, core API group is inferred. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Kind is kind of the referent. For example "Secret". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name is the name of the referent. + pub name: String, + /// Namespace is the namespace of the referenced object. When unspecified, the local + /// namespace is inferred. + /// + /// + /// Note that when a namespace different than the local namespace is specified, + /// a ReferenceGrant object is required in the referent namespace to allow that + /// namespace's owner to accept the reference. See the ReferenceGrant + /// documentation for details. + /// + /// + /// Support: Core + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// +/// +/// Support: Extended +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GatewayInfrastructure { /// Annotations that SHOULD be applied to any resources created in response to this Gateway. /// @@ -255,6 +343,10 @@ pub struct GatewayInfrastructure { /// An implementation may chose to add additional implementation-specific labels as they see fit. /// /// + /// If an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels + /// change, it SHOULD clearly warn about this behavior in documentation. + /// + /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs index ca3dd6a15..004fda4f4 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/httproutes.rs @@ -491,6 +491,15 @@ pub struct HTTPRouteRules { /// #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Retry defines the configuration for when to retry an HTTP request. + /// + /// + /// Support: Extended + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub retry: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// @@ -2433,6 +2442,84 @@ pub enum HTTPRouteRulesMatchesQueryParamsType { RegularExpression, } +/// Retry defines the configuration for when to retry an HTTP request. +/// +/// +/// Support: Extended +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesRetry { + /// Attempts specifies the maxmimum number of times an individual request + /// from the gateway to a backend should be retried. + /// + /// + /// If the maximum number of retries has been attempted without a successful + /// response from the backend, the Gateway MUST return an error. + /// + /// + /// When this field is unspecified, the number of times to attempt to retry + /// a backend request is implementation-specific. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub attempts: Option, + /// Backoff specifies the minimum duration a Gateway should wait between + /// retry attempts and is represented in Gateway API Duration formatting. + /// + /// + /// For example, setting the `rules[].retry.backoff` field to the value + /// `100ms` will cause a backend request to first be retried approximately + /// 100 milliseconds after timing out or receiving a response code configured + /// to be retryable. + /// + /// + /// An implementation MAY use an exponential or alternative backoff strategy + /// for subsequent retry attempts, MAY cap the maximum backoff duration to + /// some amount greater than the specified minimum, and MAY add arbitrary + /// jitter to stagger requests, as long as unsuccessful backend requests are + /// not retried before the configured minimum duration. + /// + /// + /// If a Request timeout (`rules[].timeouts.request`) is configured on the + /// route, the entire duration of the initial request and any retry attempts + /// MUST not exceed the Request timeout duration. If any retry attempts are + /// still in progress when the Request timeout duration has been reached, + /// these SHOULD be canceled if possible and the Gateway MUST immediately + /// return a timeout error. + /// + /// + /// If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is + /// configured on the route, any retry attempts which reach the configured + /// BackendRequest timeout duration without a response SHOULD be canceled if + /// possible and the Gateway should wait for at least the specified backoff + /// duration before attempting to retry the backend request again. + /// + /// + /// If a BackendRequest timeout is _not_ configured on the route, retry + /// attempts MAY time out after an implementation default duration, or MAY + /// remain pending until a configured Request timeout or implementation + /// default duration for total request time is reached. + /// + /// + /// When this field is unspecified, the time to wait between retry attempts + /// is implementation-specific. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub backoff: Option, + /// Codes defines the HTTP response status codes for which a backend request + /// should be retried. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub codes: Option>, +} + /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/gateways.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/gateways.rs index 302e8d444..9af9de57d 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/gateways.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/gateways.rs @@ -49,6 +49,16 @@ pub struct GatewaySpec { /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, + /// BackendTLS configures TLS settings for when this Gateway is connecting to + /// backends with TLS. + /// + /// + /// Support: Core + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendTLS")] + pub backend_tls: Option, /// GatewayClassName used for this Gateway. This is the name of a /// GatewayClass resource. #[serde(rename = "gatewayClassName")] @@ -56,10 +66,7 @@ pub struct GatewaySpec { /// Infrastructure defines infrastructure level attributes about this Gateway instance. /// /// - /// Support: Core - /// - /// - /// + /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub infrastructure: Option, /// Listeners associated with this Gateway. Listeners define @@ -223,7 +230,58 @@ pub struct GatewayAddresses { pub value: String, } -/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// BackendTLS configures TLS settings for when this Gateway is connecting to +/// backends with TLS. +/// +/// +/// Support: Core +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GatewayBackendTls { + /// ClientCertificateRef is a reference to an object that contains a Client + /// Certificate and the associated private key. + /// + /// + /// References to a resource in different namespace are invalid UNLESS there + /// is a ReferenceGrant in the target namespace that allows the certificate + /// to be attached. If a ReferenceGrant does not allow this reference, the + /// "ResolvedRefs" condition MUST be set to False for this listener with the + /// "RefNotPermitted" reason. + /// + /// + /// ClientCertificateRef can reference to standard Kubernetes resources, i.e. + /// Secret, or implementation-specific custom resources. + /// + /// + /// This setting can be overridden on the service level by use of BackendTLSPolicy. + /// + /// + /// Support: Core + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificateRef")] + pub client_certificate_ref: Option, +} + +/// ClientCertificateRef is a reference to an object that contains a Client +/// Certificate and the associated private key. +/// +/// +/// References to a resource in different namespace are invalid UNLESS there +/// is a ReferenceGrant in the target namespace that allows the certificate +/// to be attached. If a ReferenceGrant does not allow this reference, the +/// "ResolvedRefs" condition MUST be set to False for this listener with the +/// "RefNotPermitted" reason. +/// +/// +/// ClientCertificateRef can reference to standard Kubernetes resources, i.e. +/// Secret, or implementation-specific custom resources. +/// +/// +/// This setting can be overridden on the service level by use of BackendTLSPolicy. /// /// /// Support: Core @@ -231,6 +289,36 @@ pub struct GatewayAddresses { /// /// #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GatewayBackendTlsClientCertificateRef { + /// Group is the group of the referent. For example, "gateway.networking.k8s.io". + /// When unspecified or empty string, core API group is inferred. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Kind is kind of the referent. For example "Secret". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name is the name of the referent. + pub name: String, + /// Namespace is the namespace of the referenced object. When unspecified, the local + /// namespace is inferred. + /// + /// + /// Note that when a namespace different than the local namespace is specified, + /// a ReferenceGrant object is required in the referent namespace to allow that + /// namespace's owner to accept the reference. See the ReferenceGrant + /// documentation for details. + /// + /// + /// Support: Core + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// +/// +/// Support: Extended +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GatewayInfrastructure { /// Annotations that SHOULD be applied to any resources created in response to this Gateway. /// @@ -255,6 +343,10 @@ pub struct GatewayInfrastructure { /// An implementation may chose to add additional implementation-specific labels as they see fit. /// /// + /// If an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels + /// change, it SHOULD clearly warn about this behavior in documentation. + /// + /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, diff --git a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs index c8d309f50..db016e743 100644 --- a/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs +++ b/kube-custom-resources-rs/src/gateway_networking_k8s_io/v1beta1/httproutes.rs @@ -491,6 +491,15 @@ pub struct HTTPRouteRules { /// #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Retry defines the configuration for when to retry an HTTP request. + /// + /// + /// Support: Extended + /// + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub retry: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// @@ -2433,6 +2442,84 @@ pub enum HTTPRouteRulesMatchesQueryParamsType { RegularExpression, } +/// Retry defines the configuration for when to retry an HTTP request. +/// +/// +/// Support: Extended +/// +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HTTPRouteRulesRetry { + /// Attempts specifies the maxmimum number of times an individual request + /// from the gateway to a backend should be retried. + /// + /// + /// If the maximum number of retries has been attempted without a successful + /// response from the backend, the Gateway MUST return an error. + /// + /// + /// When this field is unspecified, the number of times to attempt to retry + /// a backend request is implementation-specific. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub attempts: Option, + /// Backoff specifies the minimum duration a Gateway should wait between + /// retry attempts and is represented in Gateway API Duration formatting. + /// + /// + /// For example, setting the `rules[].retry.backoff` field to the value + /// `100ms` will cause a backend request to first be retried approximately + /// 100 milliseconds after timing out or receiving a response code configured + /// to be retryable. + /// + /// + /// An implementation MAY use an exponential or alternative backoff strategy + /// for subsequent retry attempts, MAY cap the maximum backoff duration to + /// some amount greater than the specified minimum, and MAY add arbitrary + /// jitter to stagger requests, as long as unsuccessful backend requests are + /// not retried before the configured minimum duration. + /// + /// + /// If a Request timeout (`rules[].timeouts.request`) is configured on the + /// route, the entire duration of the initial request and any retry attempts + /// MUST not exceed the Request timeout duration. If any retry attempts are + /// still in progress when the Request timeout duration has been reached, + /// these SHOULD be canceled if possible and the Gateway MUST immediately + /// return a timeout error. + /// + /// + /// If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is + /// configured on the route, any retry attempts which reach the configured + /// BackendRequest timeout duration without a response SHOULD be canceled if + /// possible and the Gateway should wait for at least the specified backoff + /// duration before attempting to retry the backend request again. + /// + /// + /// If a BackendRequest timeout is _not_ configured on the route, retry + /// attempts MAY time out after an implementation default duration, or MAY + /// remain pending until a configured Request timeout or implementation + /// default duration for total request time is reached. + /// + /// + /// When this field is unspecified, the time to wait between retry attempts + /// is implementation-specific. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub backoff: Option, + /// Codes defines the HTTP response status codes for which a backend request + /// should be retried. + /// + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub codes: Option>, +} + /// SessionPersistence defines and configures session persistence /// for the route rule. /// diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs index 7f1ec12ed..ca0821979 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs @@ -74,6 +74,9 @@ pub struct GrafanaDashboardSpec { /// dashboard url #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, + /// authorization options for dashboard from url + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlAuthorization")] + pub url_authorization: Option, } /// dashboard from configmap @@ -266,6 +269,61 @@ pub struct GrafanaDashboardPlugins { pub version: String, } +/// authorization options for dashboard from url +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GrafanaDashboardUrlAuthorization { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GrafanaDashboardUrlAuthorizationBasicAuth { + /// SecretKeySelector selects a key of a Secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// SecretKeySelector selects a key of a Secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GrafanaDashboardUrlAuthorizationBasicAuthPassword { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GrafanaDashboardUrlAuthorizationBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// GrafanaDashboardStatus defines the observed state of GrafanaDashboard #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardStatus { diff --git a/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs b/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs index 56c8f8f93..caa30c3ec 100644 --- a/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs +++ b/kube-custom-resources-rs/src/infinispan_org/v1/infinispans.rs @@ -82,15 +82,28 @@ pub struct InfinispanAffinity { /// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -110,31 +123,47 @@ pub struct InfinispanAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringE pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -142,7 +171,9 @@ pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringEx pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -153,26 +184,38 @@ pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringEx pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -180,10 +223,24 @@ pub struct InfinispanAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringEx /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -194,7 +251,8 @@ pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -204,13 +262,24 @@ pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -221,59 +290,93 @@ pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -284,42 +387,60 @@ pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -327,10 +448,24 @@ pub struct InfinispanAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -341,7 +476,8 @@ pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -351,13 +487,24 @@ pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -368,59 +515,93 @@ pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -431,42 +612,60 @@ pub struct InfinispanAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -666,15 +865,28 @@ pub struct InfinispanSchedulingAffinity { /// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { /// A node selector term, associated with the corresponding weight. @@ -694,31 +906,47 @@ pub struct InfinispanSchedulingAffinityNodeAffinityPreferredDuringSchedulingIgno pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// Required. A list of node selector terms. The terms are ORed. @@ -726,7 +954,9 @@ pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnor pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -737,26 +967,38 @@ pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnor pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -764,10 +1006,24 @@ pub struct InfinispanSchedulingAffinityNodeAffinityRequiredDuringSchedulingIgnor /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -778,7 +1034,8 @@ pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnor /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -788,13 +1045,24 @@ pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnor /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -805,59 +1073,93 @@ pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnor /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -868,42 +1170,60 @@ pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnore /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -911,10 +1231,24 @@ pub struct InfinispanSchedulingAffinityPodAffinityRequiredDuringSchedulingIgnore /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] pub required_during_scheduling_ignored_during_execution: Option>, } @@ -925,7 +1259,8 @@ pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingI /// Required. A pod affinity term, associated with the corresponding weight. #[serde(rename = "podAffinityTerm")] pub pod_affinity_term: InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. pub weight: i32, } @@ -935,13 +1270,24 @@ pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingI /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -952,59 +1298,93 @@ pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingI /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. #[serde(rename = "topologyKey")] pub topology_key: String, } @@ -1015,62 +1395,90 @@ pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIg /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, - /// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, } @@ -1078,44 +1486,116 @@ pub struct InfinispanSchedulingTolerations { /// TopologySpreadConstraint specifies how to spread matching pods among the given topology. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// + /// + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. + /// + /// + /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes match the node selector. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. #[serde(rename = "whenUnsatisfiable")] pub when_unsatisfiable: String, } -/// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingTopologySpreadConstraintsLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanSchedulingTopologySpreadConstraintsLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -1214,13 +1694,19 @@ pub struct InfinispanServiceContainer { /// Enable/disable container ephemeral storage #[serde(default, skip_serializing_if = "Option::is_none", rename = "ephemeralStorage")] pub ephemeral_storage: Option, - /// Periodic probe of container liveness. Container will be restarted if the probe fails. + /// Periodic probe of container liveness. + /// Container will be restarted if the probe fails. #[serde(default, skip_serializing_if = "Option::is_none", rename = "livenessProbe")] pub liveness_probe: Option, - /// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. + /// Periodic probe of container service readiness. + /// Container will be removed from service endpoints if the probe fails. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, - /// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. + /// StartupProbe indicates that the Pod has successfully initialized. + /// If specified, no other probes are executed until this completes successfully. + /// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + /// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + /// when it might take a long time to load data or warm a cache, than during steady-state operation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "startupProbe")] pub startup_probe: Option, /// The amount of storage for the persistent volume claim. @@ -1231,7 +1717,8 @@ pub struct InfinispanServiceContainer { pub storage_class_name: Option, } -/// Periodic probe of container liveness. Container will be restarted if the probe fails. +/// Periodic probe of container liveness. +/// Container will be restarted if the probe fails. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanServiceContainerLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. @@ -1251,7 +1738,8 @@ pub struct InfinispanServiceContainerLivenessProbe { pub timeout_seconds: Option, } -/// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. +/// Periodic probe of container service readiness. +/// Container will be removed from service endpoints if the probe fails. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanServiceContainerReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. @@ -1271,7 +1759,11 @@ pub struct InfinispanServiceContainerReadinessProbe { pub timeout_seconds: Option, } -/// StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. +/// StartupProbe indicates that the Pod has successfully initialized. +/// If specified, no other probes are executed until this completes successfully. +/// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +/// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +/// when it might take a long time to load data or warm a cache, than during steady-state operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfinispanServiceContainerStartupProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. diff --git a/kube-custom-resources-rs/src/infinispan_org/v2alpha1/caches.rs b/kube-custom-resources-rs/src/infinispan_org/v2alpha1/caches.rs index 402049ce5..fbbf581fe 100644 --- a/kube-custom-resources-rs/src/infinispan_org/v2alpha1/caches.rs +++ b/kube-custom-resources-rs/src/infinispan_org/v2alpha1/caches.rs @@ -57,7 +57,9 @@ pub struct CacheAdminAuth { pub struct CacheAdminAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -70,7 +72,9 @@ pub struct CacheAdminAuthPassword { pub struct CacheAdminAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/jobset_x_k8s_io/v1alpha2/jobsets.rs b/kube-custom-resources-rs/src/jobset_x_k8s_io/v1alpha2/jobsets.rs index 6747d1f1e..63182f764 100644 --- a/kube-custom-resources-rs/src/jobset_x_k8s_io/v1alpha2/jobsets.rs +++ b/kube-custom-resources-rs/src/jobset_x_k8s_io/v1alpha2/jobsets.rs @@ -40,7 +40,6 @@ pub struct JobSetSpec { /// `jobset.sigs.k8s.io/jobset-controller`, but skips reconciling JobSets /// with a custom value for this field. /// - /// /// The value must be a valid domain-prefixed path (e.g. acme.io/foo) - /// all characters before the first "/" must be a valid subdomain as defined /// by RFC 1123. All characters trailing the first "/" must be valid HTTP Path @@ -236,12 +235,10 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// completionMode specifies how Pod completions are tracked. It can be /// `NonIndexed` (default) or `Indexed`. /// - /// /// `NonIndexed` means that the Job is considered complete when there have /// been .spec.completions successfully completed Pods. Each Pod completion is /// homologous to each other. /// - /// /// `Indexed` means that the Pods of a /// Job get an associated completion index from 0 to (.spec.completions - 1), /// available in the annotation batch.kubernetes.io/job-completion-index. @@ -253,7 +250,6 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// `$(job-name)-$(index)-$(random-string)`, /// the Pod hostname takes the form `$(job-name)-$(index)`. /// - /// /// More completion modes can be added in the future. /// If the Job controller observes a mode that it doesn't recognize, which /// is possible during upgrades due to version skew, the controller @@ -275,8 +271,8 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// The value must be a valid domain-prefixed path (e.g. acme.io/foo) - /// all characters before the first "/" must be a valid subdomain as defined /// by RFC 1123. All characters trailing the first "/" must be valid HTTP Path - /// characters as defined by RFC 3986. The value cannot exceed 64 characters. - /// + /// characters as defined by RFC 3986. The value cannot exceed 63 characters. + /// This field is immutable. /// /// This field is alpha-level. The job controller accepts setting the field /// when the feature gate JobManagedBy is enabled (disabled by default). @@ -320,10 +316,6 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// represented by the jobs's .status.failed field, is incremented and it is /// checked against the backoffLimit. This field cannot be used in combination /// with restartPolicy=OnFailure. - /// - /// - /// This field is beta-level. It can be used when the `JobPodFailurePolicy` - /// feature gate is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "podFailurePolicy")] pub pod_failure_policy: Option, /// podReplacementPolicy specifies when to create replacement Pods. @@ -333,7 +325,6 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// - Failed means to wait until a previously created Pod is fully terminated (has phase /// Failed or Succeeded) before creating a replacement Pod. /// - /// /// When using podFailurePolicy, Failed is the the only allowed value. /// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. /// This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle. @@ -351,9 +342,8 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// When the field is specified, it must be immutable and works only for the Indexed Jobs. /// Once the Job meets the SuccessPolicy, the lingering pods are terminated. /// - /// - /// This field is alpha-level. To use this field, you must enable the - /// `JobSuccessPolicy` feature gate (disabled by default). + /// This field is beta-level. To use this field, you must enable the + /// `JobSuccessPolicy` feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "successPolicy")] pub success_policy: Option, /// suspend specifies whether the Job controller should create Pods or not. If @@ -387,10 +377,6 @@ pub struct JobSetReplicatedJobsTemplateSpec { /// represented by the jobs's .status.failed field, is incremented and it is /// checked against the backoffLimit. This field cannot be used in combination /// with restartPolicy=OnFailure. -/// -/// -/// This field is beta-level. It can be used when the `JobPodFailurePolicy` -/// feature gate is enabled (enabled by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct JobSetReplicatedJobsTemplateSpecPodFailurePolicy { /// A list of pod failure policy rules. The rules are evaluated in order. @@ -408,7 +394,6 @@ pub struct JobSetReplicatedJobsTemplateSpecPodFailurePolicyRules { /// Specifies the action taken on a pod failure when the requirements are satisfied. /// Possible values are: /// - /// /// - FailJob: indicates that the pod's job is marked as Failed and all /// running pods are terminated. /// - FailIndex: indicates that the pod's index is marked as Failed and will @@ -445,7 +430,6 @@ pub struct JobSetReplicatedJobsTemplateSpecPodFailurePolicyRulesOnExitCodes { /// specified values. Containers completed with success (exit code 0) are /// excluded from the requirement check. Possible values are: /// - /// /// - In: the requirement is satisfied if at least one container exit code /// (might be multiple if there are multiple containers not restricted /// by the 'containerName' field) is in the set of specified values. @@ -515,9 +499,8 @@ pub struct JobSetReplicatedJobsTemplateSpecSelectorMatchExpressions { /// When the field is specified, it must be immutable and works only for the Indexed Jobs. /// Once the Job meets the SuccessPolicy, the lingering pods are terminated. /// -/// -/// This field is alpha-level. To use this field, you must enable the -/// `JobSuccessPolicy` feature gate (disabled by default). +/// This field is beta-level. To use this field, you must enable the +/// `JobSuccessPolicy` feature gate (enabled by default). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct JobSetReplicatedJobsTemplateSpecSuccessPolicy { /// rules represents the list of alternative rules for the declaring the Jobs @@ -687,9 +670,11 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -700,11 +685,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -719,6 +702,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -771,11 +755,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -800,7 +782,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -1064,7 +1045,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1075,7 +1056,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1185,7 +1166,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1196,7 +1177,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1337,7 +1318,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAntiAffinityPr /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1348,7 +1329,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAntiAffinityPr /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1458,7 +1439,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAntiAffinityRe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1469,7 +1450,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecAffinityPodAntiAffinityRe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1775,9 +1756,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersEnvValueFromCon /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1820,9 +1799,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersEnvValueFromSec /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1851,9 +1828,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersEnvFromConfigMa /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1868,9 +1843,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersEnvFromSecretRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2155,7 +2128,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersLivenessProbeGr /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2306,7 +2278,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersReadinessProbeG /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2378,11 +2349,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2405,6 +2374,11 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersResourcesClaims /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -2438,7 +2412,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersSecurityContext #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2561,7 +2535,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersSecurityContext /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2673,7 +2646,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersStartupProbeGrp /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2758,10 +2730,8 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2769,11 +2739,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2828,7 +2796,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2929,7 +2896,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -3020,9 +2986,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersEnvVal /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3065,9 +3029,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersEnvVal /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3096,9 +3058,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersEnvFro /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3113,9 +3073,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersEnvFro /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -3396,7 +3354,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersLivene /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3544,7 +3501,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersReadin /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3615,11 +3571,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersResour /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3642,6 +3596,11 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersResour /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. @@ -3674,7 +3633,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersSecuri #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3797,7 +3756,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersSecuri /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3903,7 +3861,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersStartu /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3988,10 +3945,8 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersVolume /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3999,11 +3954,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecEphemeralContainersVolume /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4038,9 +3991,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -4261,9 +4212,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersEnvValueFro /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4306,9 +4255,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersEnvValueFro /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4337,9 +4284,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersEnvFromConf /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -4354,9 +4299,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersEnvFromSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4641,7 +4584,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersLivenessPro /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4792,7 +4734,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersReadinessPr /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4864,11 +4805,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4891,6 +4830,11 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersResourcesCl /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4924,7 +4868,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersSecurityCon #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -5047,7 +4991,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersSecurityCon /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5159,7 +5102,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersStartupProb /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5244,10 +5186,8 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersVolumeMount /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -5255,11 +5195,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersVolumeMount /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -5278,11 +5216,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersVolumeMount /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -5297,6 +5233,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecInitContainersVolumeMount /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -5324,7 +5261,10 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5332,32 +5272,28 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } @@ -5382,12 +5318,10 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -5437,15 +5371,24 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -5513,7 +5456,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecSecurityContextSeccompPro /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5605,7 +5547,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecTopologySpreadConstraints /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5639,7 +5580,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecTopologySpreadConstraints /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -5655,7 +5595,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecTopologySpreadConstraints /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5666,7 +5605,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecTopologySpreadConstraints /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5775,7 +5713,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5786,17 +5723,14 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5831,11 +5765,24 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5894,7 +5841,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesAwsElasticBlockSto /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5990,9 +5936,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6030,9 +5974,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6062,9 +6004,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6131,9 +6071,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesCsiNodePublishSecr /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6227,7 +6165,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -6238,17 +6175,14 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6261,7 +6195,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6271,11 +6204,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -6289,7 +6220,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -6299,11 +6229,9 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeralVolumeClaimTemplate { @@ -6406,7 +6334,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesEphemeralVolumeCla /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -6535,7 +6463,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6592,9 +6519,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesFlexVolumeSecretRe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6620,7 +6545,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesGcePersistentDisk /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6682,9 +6606,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesHostPath { /// path of the directory on the host. @@ -6698,6 +6619,39 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -6713,7 +6667,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6753,9 +6706,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6833,25 +6784,24 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6876,14 +6826,11 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6966,9 +6913,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesProjectedSourcesCo /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -7067,9 +7012,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesProjectedSourcesSe /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -7154,7 +7097,6 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -7201,9 +7143,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7256,9 +7196,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -7352,9 +7290,7 @@ pub struct JobSetReplicatedJobsTemplateSpecTemplateSpecVolumesStorageosSecretRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_nginx_org/v1/globalconfigurations.rs b/kube-custom-resources-rs/src/k8s_nginx_org/v1/globalconfigurations.rs index 20056d1bb..909dd20f3 100644 --- a/kube-custom-resources-rs/src/k8s_nginx_org/v1/globalconfigurations.rs +++ b/kube-custom-resources-rs/src/k8s_nginx_org/v1/globalconfigurations.rs @@ -24,6 +24,10 @@ pub struct GlobalConfigurationSpec { /// Listener defines a listener. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GlobalConfigurationListeners { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ipv4: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ipv6: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs index d388c52ce..a282a9674 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs @@ -41,6 +41,9 @@ pub struct NodeModulesConfigModules { pub struct NodeModulesConfigModulesConfig { #[serde(rename = "containerImage")] pub container_image: String, + /// PullPolicy describes a policy for if/when to pull a container image + #[serde(rename = "imagePullPolicy")] + pub image_pull_policy: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "inTreeModuleToRemove")] pub in_tree_module_to_remove: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "inTreeModulesToRemove")] @@ -163,6 +166,9 @@ pub struct NodeModulesConfigStatusModules { pub struct NodeModulesConfigStatusModulesConfig { #[serde(rename = "containerImage")] pub container_image: String, + /// PullPolicy describes a policy for if/when to pull a container image + #[serde(rename = "imagePullPolicy")] + pub image_pull_policy: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "inTreeModuleToRemove")] pub in_tree_module_to_remove: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "inTreeModulesToRemove")] diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs index 6550693de..0772a3596 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshaccesslogs.rs @@ -24,8 +24,8 @@ pub struct MeshAccessLogSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined in-place. - #[serde(rename = "targetRef")] - pub target_ref: MeshAccessLogTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs index 00f6084f2..f8a1a6948 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshcircuitbreakers.rs @@ -25,8 +25,8 @@ pub struct MeshCircuitBreakerSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined in place. - #[serde(rename = "targetRef")] - pub target_ref: MeshCircuitBreakerTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding /// configurations #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs index fdb20e066..c1c2e508c 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshfaultinjections.rs @@ -25,8 +25,8 @@ pub struct MeshFaultInjectionSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshFaultInjectionTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between clients and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs index 162ad6177..cf57eef58 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshhealthchecks.rs @@ -22,8 +22,8 @@ pub struct MeshHealthCheckSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshHealthCheckTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs index 2ad17aa43..055aac46e 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs @@ -22,8 +22,8 @@ pub struct MeshLoadBalancingStrategySpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshLoadBalancingStrategyTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs index 5493989ef..c57ce21bd 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshproxypatches.rs @@ -24,8 +24,8 @@ pub struct MeshProxyPatchSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshProxyPatchTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, } /// Default is a configuration specific to the group of destinations diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs index 61d47e178..285a78dde 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshratelimits.rs @@ -24,8 +24,8 @@ pub struct MeshRateLimitSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshRateLimitTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between clients and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs index 0c558eafd..a6b9425aa 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshretries.rs @@ -21,8 +21,8 @@ pub struct MeshRetrySpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshRetryTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs index 0a79f6d33..dffa5f765 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtcproutes.rs @@ -21,8 +21,8 @@ pub struct MeshTCPRouteSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined in-place. - #[serde(rename = "targetRef")] - pub target_ref: MeshTCPRouteTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding /// configurations #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs index c1e011499..328384f76 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtimeouts.rs @@ -24,8 +24,8 @@ pub struct MeshTimeoutSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshTimeoutTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, /// To list makes a match between the consumed services and corresponding configurations #[serde(default, skip_serializing_if = "Option::is_none")] pub to: Option>, diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs index a6f4f98cd..c83612bf1 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtraces.rs @@ -25,8 +25,8 @@ pub struct MeshTraceSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshTraceTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, } /// MeshTrace configuration. diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs index 446602605..47f6438dd 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshtrafficpermissions.rs @@ -24,8 +24,8 @@ pub struct MeshTrafficPermissionSpec { /// TargetRef is a reference to the resource the policy takes an effect on. /// The resource could be either a real store object or virtual resource /// defined inplace. - #[serde(rename = "targetRef")] - pub target_ref: MeshTrafficPermissionTargetRef, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRef")] + pub target_ref: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index 7c660c4a6..6e515b32c 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -34,6 +34,10 @@ pub struct ClusterPolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, + /// EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + /// Enabling this option will extend admission request processing times. The default value is "false". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitWarning")] + pub emit_warning: Option, /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, @@ -128,6 +132,9 @@ pub struct ClusterPolicyRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -189,8 +196,7 @@ pub struct ClusterPolicyRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -204,6 +210,10 @@ pub struct ClusterPolicyRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1020,8 +1030,7 @@ pub struct ClusterPolicyRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1035,6 +1044,10 @@ pub struct ClusterPolicyRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1823,8 +1836,7 @@ pub struct ClusterPolicyRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1838,6 +1850,10 @@ pub struct ClusterPolicyRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2128,8 +2144,7 @@ pub struct ClusterPolicyRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2143,6 +2158,10 @@ pub struct ClusterPolicyRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2277,6 +2296,9 @@ pub struct ClusterPolicyRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -2700,8 +2722,7 @@ pub struct ClusterPolicyRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2715,6 +2736,10 @@ pub struct ClusterPolicyRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -3018,6 +3043,9 @@ pub struct ClusterPolicyRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3168,7 +3196,7 @@ pub struct ClusterPolicyRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3433,6 +3461,10 @@ pub struct ClusterPolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3450,6 +3482,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -3495,6 +3530,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3645,7 +3683,7 @@ pub struct ClusterPolicyRulesVerifyImagesAttestationsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3833,6 +3871,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3983,7 +4024,7 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -4066,6 +4107,29 @@ pub enum ClusterPolicyRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// Spec declares policy behaviors. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyValidationFailureAction { @@ -4202,7 +4266,8 @@ pub struct ClusterPolicyStatus { #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, /// Deprecated in favor of Conditions - pub ready: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4262,6 +4327,9 @@ pub struct ClusterPolicyStatusAutogenRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -4323,8 +4391,7 @@ pub struct ClusterPolicyStatusAutogenRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -4338,6 +4405,10 @@ pub struct ClusterPolicyStatusAutogenRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5154,8 +5225,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5169,6 +5239,10 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5957,8 +6031,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5972,6 +6045,10 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6262,8 +6339,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6277,6 +6353,10 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6411,6 +6491,9 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -6834,8 +6917,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6849,6 +6931,10 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -7152,6 +7238,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7302,7 +7391,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateManifestsAttestorsEntriesKeys /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7567,6 +7656,10 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -7584,6 +7677,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -7629,6 +7725,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntri /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7779,7 +7878,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntri /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7967,6 +8066,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -8117,7 +8219,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -8200,6 +8302,29 @@ pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index d027e70f2..2107e5586 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs @@ -35,6 +35,10 @@ pub struct PolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, + /// EmitWarning enables API response warnings for mutate policy rules or validate policy rules with validationFailureAction set to Audit. + /// Enabling this option will extend admission request processing times. The default value is "false". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emitWarning")] + pub emit_warning: Option, /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, @@ -129,6 +133,9 @@ pub struct PolicyRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -190,8 +197,7 @@ pub struct PolicyRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -205,6 +211,10 @@ pub struct PolicyRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1021,8 +1031,7 @@ pub struct PolicyRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1036,6 +1045,10 @@ pub struct PolicyRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1824,8 +1837,7 @@ pub struct PolicyRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1839,6 +1851,10 @@ pub struct PolicyRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2129,8 +2145,7 @@ pub struct PolicyRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2144,6 +2159,10 @@ pub struct PolicyRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2278,6 +2297,9 @@ pub struct PolicyRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -2701,8 +2723,7 @@ pub struct PolicyRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2716,6 +2737,10 @@ pub struct PolicyRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -3019,6 +3044,9 @@ pub struct PolicyRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3169,7 +3197,7 @@ pub struct PolicyRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3434,6 +3462,10 @@ pub struct PolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3451,6 +3483,9 @@ pub struct PolicyRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -3496,6 +3531,9 @@ pub struct PolicyRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3646,7 +3684,7 @@ pub struct PolicyRulesVerifyImagesAttestationsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3834,6 +3872,9 @@ pub struct PolicyRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3984,7 +4025,7 @@ pub struct PolicyRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -4067,6 +4108,29 @@ pub enum PolicyRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// Spec defines policy behaviors and contains one or more rules. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyValidationFailureAction { @@ -4203,7 +4267,8 @@ pub struct PolicyStatus { #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, /// Deprecated in favor of Conditions - pub ready: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4263,6 +4328,9 @@ pub struct PolicyStatusAutogenRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -4324,8 +4392,7 @@ pub struct PolicyStatusAutogenRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -4339,6 +4406,10 @@ pub struct PolicyStatusAutogenRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5155,8 +5226,7 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5170,6 +5240,10 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5958,8 +6032,7 @@ pub struct PolicyStatusAutogenRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5973,6 +6046,10 @@ pub struct PolicyStatusAutogenRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6263,8 +6340,7 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6278,6 +6354,10 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6412,6 +6492,9 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -6835,8 +6918,7 @@ pub struct PolicyStatusAutogenRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6850,6 +6932,10 @@ pub struct PolicyStatusAutogenRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -7153,6 +7239,9 @@ pub struct PolicyStatusAutogenRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7303,7 +7392,7 @@ pub struct PolicyStatusAutogenRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7568,6 +7657,10 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -7585,6 +7678,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -7630,6 +7726,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7780,7 +7879,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntriesKeys /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7968,6 +8067,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -8118,7 +8220,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -8201,6 +8303,29 @@ pub enum PolicyStatusAutogenRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs index 6133516de..0cd8feebb 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs @@ -153,8 +153,7 @@ pub struct CleanupPolicyContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -168,6 +167,10 @@ pub struct CleanupPolicyContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs index ef43549b8..f13890c6a 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs @@ -152,8 +152,7 @@ pub struct ClusterCleanupPolicyContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -167,6 +166,10 @@ pub struct ClusterCleanupPolicyContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response diff --git a/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs b/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs index 6fcd8ae11..848324730 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2alpha1/globalcontextentries.rs @@ -134,6 +134,7 @@ pub struct GlobalContextEntryStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastRefreshTime")] pub last_refresh_time: Option, /// Deprecated in favor of Conditions - pub ready: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, } diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs index 95e01967e..3037cc9d5 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/cleanuppolicies.rs @@ -153,8 +153,7 @@ pub struct CleanupPolicyContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -168,6 +167,10 @@ pub struct CleanupPolicyContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs index dc5d2bd8b..d1e87f176 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clustercleanuppolicies.rs @@ -152,8 +152,7 @@ pub struct ClusterCleanupPolicyContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -167,6 +166,10 @@ pub struct ClusterCleanupPolicyContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index 126c1d8f7..c109040be 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs @@ -187,8 +187,7 @@ pub struct ClusterPolicyRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -202,6 +201,10 @@ pub struct ClusterPolicyRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -871,8 +874,7 @@ pub struct ClusterPolicyRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -886,6 +888,10 @@ pub struct ClusterPolicyRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1527,8 +1533,7 @@ pub struct ClusterPolicyRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1542,6 +1547,10 @@ pub struct ClusterPolicyRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1832,8 +1841,7 @@ pub struct ClusterPolicyRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1847,6 +1855,10 @@ pub struct ClusterPolicyRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2591,8 +2603,7 @@ pub struct ClusterPolicyRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2606,6 +2617,10 @@ pub struct ClusterPolicyRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2909,6 +2924,9 @@ pub struct ClusterPolicyRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3059,7 +3077,7 @@ pub struct ClusterPolicyRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3299,6 +3317,10 @@ pub struct ClusterPolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3316,6 +3338,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -3361,6 +3386,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3511,7 +3539,7 @@ pub struct ClusterPolicyRulesVerifyImagesAttestationsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3699,6 +3727,9 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3849,7 +3880,7 @@ pub struct ClusterPolicyRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3932,6 +3963,29 @@ pub enum ClusterPolicyRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// Spec declares policy behaviors. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterPolicyValidationFailureAction { @@ -4068,7 +4122,8 @@ pub struct ClusterPolicyStatus { #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, /// Deprecated in favor of Conditions - pub ready: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4128,6 +4183,9 @@ pub struct ClusterPolicyStatusAutogenRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -4189,8 +4247,7 @@ pub struct ClusterPolicyStatusAutogenRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -4204,6 +4261,10 @@ pub struct ClusterPolicyStatusAutogenRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5020,8 +5081,7 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5035,6 +5095,10 @@ pub struct ClusterPolicyStatusAutogenRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5823,8 +5887,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5838,6 +5901,10 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6128,8 +6195,7 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6143,6 +6209,10 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6277,6 +6347,9 @@ pub struct ClusterPolicyStatusAutogenRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyStatusAutogenRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -6700,8 +6773,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6715,6 +6787,10 @@ pub struct ClusterPolicyStatusAutogenRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -7018,6 +7094,9 @@ pub struct ClusterPolicyStatusAutogenRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7168,7 +7247,7 @@ pub struct ClusterPolicyStatusAutogenRulesValidateManifestsAttestorsEntriesKeys /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7433,6 +7512,10 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -7450,6 +7533,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -7495,6 +7581,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntri /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7645,7 +7734,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntri /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7833,6 +7922,9 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7983,7 +8075,7 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -8066,6 +8158,29 @@ pub enum ClusterPolicyStatusAutogenRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPolicyStatusAutogenRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index c284df418..e4add7580 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs @@ -188,8 +188,7 @@ pub struct PolicyRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -203,6 +202,10 @@ pub struct PolicyRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -872,8 +875,7 @@ pub struct PolicyRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -887,6 +889,10 @@ pub struct PolicyRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1528,8 +1534,7 @@ pub struct PolicyRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1543,6 +1548,10 @@ pub struct PolicyRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -1833,8 +1842,7 @@ pub struct PolicyRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -1848,6 +1856,10 @@ pub struct PolicyRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2592,8 +2604,7 @@ pub struct PolicyRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -2607,6 +2618,10 @@ pub struct PolicyRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -2910,6 +2925,9 @@ pub struct PolicyRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3060,7 +3078,7 @@ pub struct PolicyRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3300,6 +3318,10 @@ pub struct PolicyRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -3317,6 +3339,9 @@ pub struct PolicyRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -3362,6 +3387,9 @@ pub struct PolicyRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3512,7 +3540,7 @@ pub struct PolicyRulesVerifyImagesAttestationsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3700,6 +3728,9 @@ pub struct PolicyRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -3850,7 +3881,7 @@ pub struct PolicyRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -3933,6 +3964,29 @@ pub enum PolicyRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// Spec defines policy behaviors and contains one or more rules. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum PolicyValidationFailureAction { @@ -4069,7 +4123,8 @@ pub struct PolicyStatus { #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, /// Deprecated in favor of Conditions - pub ready: bool, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ready: Option, /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4129,6 +4184,9 @@ pub struct PolicyStatusAutogenRules { /// See: https://kyverno.io/docs/writing-policies/preconditions/ #[serde(default, skip_serializing_if = "Option::is_none")] pub preconditions: Option, + /// ReportProperties are the additional properties from the rule that will be added to the policy report result + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportProperties")] + pub report_properties: Option>, /// SkipBackgroundRequests bypasses admission requests that are sent by the background controller. /// The default value is set to "true", it must be set to "false" to apply /// generate and mutateExisting rules to those requests. @@ -4190,8 +4248,7 @@ pub struct PolicyStatusAutogenRulesContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -4205,6 +4262,10 @@ pub struct PolicyStatusAutogenRulesContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5021,8 +5082,7 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5036,6 +5096,10 @@ pub struct PolicyStatusAutogenRulesGenerateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -5824,8 +5888,7 @@ pub struct PolicyStatusAutogenRulesMutateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -5839,6 +5902,10 @@ pub struct PolicyStatusAutogenRulesMutateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6129,8 +6196,7 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6144,6 +6210,10 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -6278,6 +6348,9 @@ pub struct PolicyStatusAutogenRulesMutateTargetsContextVariable { /// Validation is used to validate matching resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyStatusAutogenRulesValidate { + /// AllowExistingViolations allows prexisting violating resources to continue violating a policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowExistingViolations")] + pub allow_existing_violations: Option, /// AnyPattern specifies list of validation patterns. At least one of the patterns /// must be satisfied for the validation rule to succeed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "anyPattern")] @@ -6701,8 +6774,7 @@ pub struct PolicyStatusAutogenRulesValidateForeachContext { #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] pub image_registry: Option, /// Name is the variable name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, /// Variable defines an arbitrary JMESPath context variable that can be defined inline. #[serde(default, skip_serializing_if = "Option::is_none")] pub variable: Option, @@ -6716,6 +6788,10 @@ pub struct PolicyStatusAutogenRulesValidateForeachContextApiCall { /// Only applicable when the method field is set to POST. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option>, + /// Default is an optional arbitrary JSON object that the context may take if the apiCall + /// returns error + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, /// JMESPath is an optional JSON Match Expression that can be used to /// transform the JSON response returned from the server. For example /// a JMESPath of "items | length(@)" applied to the API server response @@ -7019,6 +7095,9 @@ pub struct PolicyStatusAutogenRulesValidateManifestsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7169,7 +7248,7 @@ pub struct PolicyStatusAutogenRulesValidateManifestsAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7434,6 +7513,10 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// UseCache enables caching of image verify responses for this rule. #[serde(default, skip_serializing_if = "Option::is_none", rename = "useCache")] pub use_cache: Option, + /// Validation checks conditions across multiple image + /// verification attestations or context entries + #[serde(default, skip_serializing_if = "Option::is_none")] + pub validate: Option, /// VerifyDigest validates that images have a digest. #[serde(default, skip_serializing_if = "Option::is_none", rename = "verifyDigest")] pub verify_digest: Option, @@ -7451,6 +7534,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestations { /// the attestation check is satisfied as long there are predicates that match the predicate type. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// Deprecated in favour of 'Type', to be removed soon #[serde(default, skip_serializing_if = "Option::is_none", rename = "predicateType")] pub predicate_type: Option, @@ -7496,6 +7582,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7646,7 +7735,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestationsAttestorsEntriesKeys /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -7834,6 +7923,9 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntries { /// If specified Repository will override other OCI image repository locations for this Attestor. #[serde(default, skip_serializing_if = "Option::is_none")] pub repository: Option, + /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] + pub signature_algorithm: Option, } /// Certificates specifies one or more certificates. @@ -7984,7 +8076,7 @@ pub struct PolicyStatusAutogenRulesVerifyImagesAttestorsEntriesKeys { /// Reference to a Secret resource that contains a public key #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// Specify signature algorithm for public keys. Supported values are sha224, sha256, sha384 and sha512. + /// Deprecated. Use attestor.signatureAlgorithm instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "signatureAlgorithm")] pub signature_algorithm: Option, } @@ -8067,6 +8159,29 @@ pub enum PolicyStatusAutogenRulesVerifyImagesType { Notary, } +/// Validation checks conditions across multiple image +/// verification attestations or context entries +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesVerifyImagesValidate { + /// Deny defines conditions used to pass or fail a validation rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deny: Option, + /// Message specifies a custom message to be displayed on failure. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// Deny defines conditions used to pass or fail a validation rule. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyStatusAutogenRulesVerifyImagesValidateDeny { + /// Multiple conditions can be declared under an `any` or `all` statement. A direct list + /// of conditions (without `any` or `all` statements) is also supported for backwards compatibility + /// but will be deprecated in the next major release. + /// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, +} + /// RuleCountStatus contains four variables which describes counts for /// validate, generate, mutate and verify images rules #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs index 94f1ec769..ba3767942 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs @@ -21,6 +21,8 @@ use self::prelude::*; pub struct InstanceManagerSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] pub data_engine: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngineSpec")] + pub data_engine_spec: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeID")] @@ -29,6 +31,18 @@ pub struct InstanceManagerSpec { pub r#type: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceManagerDataEngineSpec { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub v2: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceManagerDataEngineSpecV2 { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuMask")] + pub cpu_mask: Option, +} + /// InstanceManagerSpec defines the desired state of the Longhorn instance manager #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum InstanceManagerType { @@ -49,6 +63,8 @@ pub struct InstanceManagerStatus { pub api_version: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentState")] pub current_state: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngineStatus")] + pub data_engine_status: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "instanceEngines")] pub instance_engines: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "instanceReplicas")] @@ -66,6 +82,18 @@ pub struct InstanceManagerStatus { pub proxy_api_version: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceManagerStatusDataEngineStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub v2: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstanceManagerStatusDataEngineStatusV2 { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cpuMask")] + pub cpu_mask: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstanceEngines { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/metal3_io/v1alpha1/hardwaredata.rs b/kube-custom-resources-rs/src/metal3_io/v1alpha1/hardwaredata.rs index 6cb73a005..802e5b1eb 100644 --- a/kube-custom-resources-rs/src/metal3_io/v1alpha1/hardwaredata.rs +++ b/kube-custom-resources-rs/src/metal3_io/v1alpha1/hardwaredata.rs @@ -25,26 +25,29 @@ pub struct HardwareDataSpec { /// The hardware discovered on the host during its inspection. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HardwareDataHardware { - /// CPU describes one processor on the host. + /// Details of the CPU(s) in the system. #[serde(default, skip_serializing_if = "Option::is_none")] pub cpu: Option, - /// Firmware describes the firmware on the host. + /// System firmware information. #[serde(default, skip_serializing_if = "Option::is_none")] pub firmware: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, + /// List of network interfaces for the host. #[serde(default, skip_serializing_if = "Option::is_none")] pub nics: Option>, + /// The host's amount of memory in Mebibytes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ramMebibytes")] pub ram_mebibytes: Option, + /// List of storage (disk, SSD, etc.) available to the host. #[serde(default, skip_serializing_if = "Option::is_none")] pub storage: Option>, - /// HardwareSystemVendor stores details about the whole hardware system. + /// System vendor information. #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemVendor")] pub system_vendor: Option, } -/// CPU describes one processor on the host. +/// Details of the CPU(s) in the system. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HardwareDataHardwareCpu { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -60,7 +63,7 @@ pub struct HardwareDataHardwareCpu { pub model: Option, } -/// Firmware describes the firmware on the host. +/// System firmware information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HardwareDataHardwareFirmware { /// The BIOS for this firmware @@ -173,7 +176,7 @@ pub enum HardwareDataHardwareStorageType { Nvme, } -/// HardwareSystemVendor stores details about the whole hardware system. +/// System vendor information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct HardwareDataHardwareSystemVendor { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 9d2d99daa..22eebf379 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs @@ -18,9 +18,6 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ScrapeConfigSpec { - /// NomadSDConfigs defines a list of Nomad service discovery configurations. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "NomadSDConfigs")] - pub nomad_sd_configs: Option>, /// Authorization header to use on every scrape request. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, @@ -76,6 +73,9 @@ pub struct ScrapeConfigSpec { /// HTTPSDConfigs defines a list of HTTP service discovery configurations. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpSDConfigs")] pub http_sd_configs: Option>, + /// IonosSDConfigs defines a list of IONOS service discovery configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ionosSDConfigs")] + pub ionos_sd_configs: Option>, /// The value of the `job` label assigned to the scraped metrics by default. /// /// The `job_name` field in the rendered scrape configuration is always controlled by the @@ -126,7 +126,10 @@ pub struct ScrapeConfigSpec { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// OAuth2 client credentials used to fetch a token for the targets. + /// NomadSDConfigs defines a list of Nomad service discovery configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nomadSDConfigs")] + pub nomad_sd_configs: Option>, + /// OAuth2 configuration to use on every scrape request. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// OpenStackSDConfigs defines a list of OpenStack service discovery configurations. @@ -206,26 +209,178 @@ pub struct ScrapeConfigSpec { pub track_timestamps_staleness: Option, } -/// NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config +/// Authorization header to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigs { - /// The information to access the Nomad API. It is to be defined - /// as the Nomad documentation requires. +pub struct ScrapeConfigAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// "Basic" is not a supported value. + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// AzureSDConfig allow retrieving scrape targets from Azure VMs. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigAzureSdConfigs { + /// # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. + /// See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + /// SDK authentication method uses environment variables by default. + /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authenticationMethod")] + pub authentication_method: Option, + /// Optional client ID. Only required with the OAuth authentication method. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] + pub client_id: Option, + /// Optional client secret. Only required with the OAuth authentication method. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecret")] + pub client_secret: Option, + /// The Azure environment. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub environment: Option, + /// The port to scrape metrics from. If using the public IP address, this must + /// instead be specified in the relabeling rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// Optional resource group name. Limits discovery to this resource group. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceGroup")] + pub resource_group: Option, + /// The subscription ID. Always required. + #[serde(rename = "subscriptionID")] + pub subscription_id: String, + /// Optional tenant ID. Only required with the OAuth authentication method. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tenantID")] + pub tenant_id: Option, +} + +/// AzureSDConfig allow retrieving scrape targets from Azure VMs. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigAzureSdConfigsAuthenticationMethod { + OAuth, + ManagedIdentity, + #[serde(rename = "SDK")] + Sdk, +} + +/// Optional client secret. Only required with the OAuth authentication method. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigAzureSdConfigsClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// BasicAuth information to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// `password` specifies a key of a Secret containing the password for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigBasicAuthPassword { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `username` specifies a key of a Secret containing the username for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// ConsulSDConfig defines a Consul service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigConsulSdConfigs { + /// Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowStale")] pub allow_stale: Option, - /// Authorization header to use on every scrape request. + /// Authorization header configuration to authenticate against the Consul Server. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. + pub authorization: Option, + /// BasicAuth information to authenticate against the Consul Server. + /// More info: https://prometheus.io/docs/operating/configuration/#endpoints #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, + /// Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub datacenter: Option, /// Whether to enable HTTP2. + /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. + /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + /// Namespaces are only supported in Consul Enterprise. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -235,16 +390,21 @@ pub struct ScrapeConfigNomadSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, + /// Node metadata key/value pairs to filter nodes for a given service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeMeta")] + pub node_meta: Option>, /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization` or `basic_auth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, + /// Admin Partitions are only supported in Consul Enterprise. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -254,27 +414,40 @@ pub struct ScrapeConfigNomadSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. - /// Supported units: y, w, d, h, m, s, ms - /// Examples: `30s`, `1m`, `1h20m15s`, `15d` + /// The time after which the provided names are refreshed. + /// On large setup it might be a good idea to increase this value because the catalog will change all the time. + /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, + /// HTTP Scheme default "http" #[serde(default, skip_serializing_if = "Option::is_none")] - pub region: Option, + pub scheme: Option, + /// A valid string consisting of a hostname or IP followed by an optional port number. pub server: String, + /// A list of services for which targets are retrieved. If omitted, all services are scraped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub services: Option>, + /// The string by which Consul tags are joined into the tag label. + /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] pub tag_separator: Option, - /// TLS configuration applying to the target HTTP endpoint. + /// An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tags: Option>, + /// TLS Config #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, + /// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenRef")] + pub token_ref: Option, } -/// Authorization header to use on every scrape request. +/// Authorization header configuration to authenticate against the Consul Server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsAuthorization { +pub struct ScrapeConfigConsulSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -286,7 +459,7 @@ pub struct ScrapeConfigNomadSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigConsulSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -301,23 +474,24 @@ pub struct ScrapeConfigNomadSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. +/// BasicAuth information to authenticate against the Consul Server. +/// More info: https://prometheus.io/docs/operating/configuration/#endpoints #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsBasicAuth { +pub struct ScrapeConfigConsulSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsBasicAuthPassword { +pub struct ScrapeConfigConsulSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -335,7 +509,7 @@ pub struct ScrapeConfigNomadSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsBasicAuthUsername { +pub struct ScrapeConfigConsulSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -351,17 +525,16 @@ pub struct ScrapeConfigNomadSdConfigsBasicAuthUsername { } /// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization` or `basic_auth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2 { +pub struct ScrapeConfigConsulSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigNomadSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigConsulSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigNomadSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigConsulSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -378,7 +551,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -394,7 +567,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -403,18 +576,18 @@ pub struct ScrapeConfigNomadSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2ClientId { +pub struct ScrapeConfigConsulSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -431,7 +604,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -449,7 +622,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigConsulSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -466,7 +639,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigConsulSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -484,29 +657,29 @@ pub struct ScrapeConfigNomadSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -514,18 +687,18 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -542,7 +715,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -559,18 +732,18 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -587,7 +760,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -604,7 +777,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -622,7 +795,7 @@ pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -636,7 +809,7 @@ pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -649,7 +822,7 @@ pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsProxyConnectHeader { +pub struct ScrapeConfigConsulSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -664,31 +837,41 @@ pub struct ScrapeConfigNomadSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// ConsulSDConfig defines a Consul service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigConsulSdConfigsScheme { + #[serde(rename = "HTTP")] + Http, + #[serde(rename = "HTTPS")] + Https, +} + +/// TLS Config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfig { +pub struct ScrapeConfigConsulSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -696,18 +879,18 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCa { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -724,7 +907,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -741,18 +924,18 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCert { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -769,7 +952,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigConsulSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -786,7 +969,7 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigNomadSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -801,9 +984,9 @@ pub struct ScrapeConfigNomadSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS Config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigNomadSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -814,9 +997,9 @@ pub enum ScrapeConfigNomadSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS Config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigNomadSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigConsulSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -827,24 +1010,9 @@ pub enum ScrapeConfigNomadSdConfigsTlsConfigMinVersion { Tls13, } -/// Authorization header to use on every scrape request. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigAuthorization { - /// Selects a key of a Secret in the namespace that contains the credentials for authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, - /// Defines the authentication type. The value is case-insensitive. - /// - /// "Basic" is not a supported value. - /// - /// Default: "Bearer" - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +/// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigAuthorizationCredentials { +pub struct ScrapeConfigConsulSdConfigsTokenRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -859,87 +1027,77 @@ pub struct ScrapeConfigAuthorizationCredentials { pub optional: Option, } -/// AzureSDConfig allow retrieving scrape targets from Azure VMs. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config +/// DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. +/// This service discovery uses the public IPv4 address by default, by that can be changed with relabeling +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigAzureSdConfigs { - /// # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. - /// See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - /// SDK authentication method uses environment variables by default. - /// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "authenticationMethod")] - pub authentication_method: Option, - /// Optional client ID. Only required with the OAuth authentication method. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] - pub client_id: Option, - /// Optional client secret. Only required with the OAuth authentication method. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecret")] - pub client_secret: Option, - /// The Azure environment. +pub struct ScrapeConfigDigitalOceanSdConfigs { + /// Authorization header configuration to authenticate against the DigitalOcean API. + /// Cannot be set at the same time as `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub environment: Option, - /// The port to scrape metrics from. If using the public IP address, this must - /// instead be specified in the relabeling rule. + pub authorization: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be set at the same time as `authorization`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// The port to scrape metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, - /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// Refresh interval to re-read the instance list. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// Optional resource group name. Limits discovery to this resource group. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceGroup")] - pub resource_group: Option, - /// The subscription ID. Always required. - #[serde(rename = "subscriptionID")] - pub subscription_id: String, - /// Optional tenant ID. Only required with the OAuth authentication method. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tenantID")] - pub tenant_id: Option, -} - -/// AzureSDConfig allow retrieving scrape targets from Azure VMs. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigAzureSdConfigsAuthenticationMethod { - OAuth, - ManagedIdentity, - #[serde(rename = "SDK")] - Sdk, -} - -/// Optional client secret. Only required with the OAuth authentication method. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigAzureSdConfigsClientSecret { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + /// TLS configuration applying to the target HTTP endpoint. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, } -/// BasicAuth information to use on every scrape request. +/// Authorization header configuration to authenticate against the DigitalOcean API. +/// Cannot be set at the same time as `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigBasicAuth { - /// `password` specifies a key of a Secret containing the password for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// `username` specifies a key of a Secret containing the username for - /// authentication. +pub struct ScrapeConfigDigitalOceanSdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// "Basic" is not a supported value. + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// `password` specifies a key of a Secret containing the password for -/// authentication. +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigBasicAuthPassword { +pub struct ScrapeConfigDigitalOceanSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -954,205 +1112,18 @@ pub struct ScrapeConfigBasicAuthPassword { pub optional: Option, } -/// `username` specifies a key of a Secret containing the username for -/// authentication. +/// Optional OAuth 2.0 configuration. +/// Cannot be set at the same time as `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigBasicAuthUsername { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// ConsulSDConfig defines a Consul service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigs { - /// Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - /// If unset, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowStale")] - pub allow_stale: Option, - /// Authorization header configuration to authenticate against the Consul Server. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to authenticate against the Consul Server. - /// More info: https://prometheus.io/docs/operating/configuration/#endpoints - #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub datacenter: Option, - /// Whether to enable HTTP2. - /// If unset, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] - pub enable_http2: Option, - /// Configure whether HTTP requests follow HTTP 3xx redirects. - /// If unset, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] - pub follow_redirects: Option, - /// Namespaces are only supported in Consul Enterprise. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - /// that should be excluded from proxying. IP and domain names can - /// contain port numbers. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] - pub no_proxy: Option, - /// Node metadata key/value pairs to filter nodes for a given service. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeMeta")] - pub node_meta: Option>, - /// Optional OAuth 2.0 configuration. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// Admin Partitions are only supported in Consul Enterprise. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// ProxyConnectHeader optionally specifies headers to send to - /// proxies during CONNECT requests. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, - /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - /// If unset, Prometheus uses its default value. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] - pub proxy_from_environment: Option, - /// `proxyURL` defines the HTTP proxy server to use. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, - /// The time after which the provided names are refreshed. - /// On large setup it might be a good idea to increase this value because the catalog will change all the time. - /// If unset, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// HTTP Scheme default "http" - #[serde(default, skip_serializing_if = "Option::is_none")] - pub scheme: Option, - /// A valid string consisting of a hostname or IP followed by an optional port number. - pub server: String, - /// A list of services for which targets are retrieved. If omitted, all services are scraped. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub services: Option>, - /// The string by which Consul tags are joined into the tag label. - /// If unset, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] - pub tag_separator: Option, - /// An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option>, - /// TLS Config - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, - /// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenRef")] - pub token_ref: Option, -} - -/// Authorization header configuration to authenticate against the Consul Server. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsAuthorization { - /// Selects a key of a Secret in the namespace that contains the credentials for authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, - /// Defines the authentication type. The value is case-insensitive. - /// - /// "Basic" is not a supported value. - /// - /// Default: "Bearer" - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -/// Selects a key of a Secret in the namespace that contains the credentials for authentication. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsAuthorizationCredentials { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// BasicAuth information to authenticate against the Consul Server. -/// More info: https://prometheus.io/docs/operating/configuration/#endpoints -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsBasicAuth { - /// `password` specifies a key of a Secret containing the password for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// `username` specifies a key of a Secret containing the username for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, -} - -/// `password` specifies a key of a Secret containing the password for -/// authentication. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsBasicAuthPassword { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// `username` specifies a key of a Secret containing the username for -/// authentication. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsBasicAuthUsername { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Optional OAuth 2.0 configuration. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2 { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigConsulSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigDigitalOceanSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigConsulSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -1169,7 +1140,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -1185,7 +1156,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -1194,18 +1165,18 @@ pub struct ScrapeConfigConsulSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2ClientId { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1222,7 +1193,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1240,7 +1211,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1257,7 +1228,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1275,29 +1246,29 @@ pub struct ScrapeConfigConsulSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -1305,18 +1276,18 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1333,7 +1304,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1350,18 +1321,18 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1378,7 +1349,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1395,7 +1366,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1413,7 +1384,7 @@ pub struct ScrapeConfigConsulSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -1427,7 +1398,7 @@ pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -1440,7 +1411,7 @@ pub enum ScrapeConfigConsulSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsProxyConnectHeader { +pub struct ScrapeConfigDigitalOceanSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1455,41 +1426,31 @@ pub struct ScrapeConfigConsulSdConfigsProxyConnectHeader { pub optional: Option, } -/// ConsulSDConfig defines a Consul service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigConsulSdConfigsScheme { - #[serde(rename = "HTTP")] - Http, - #[serde(rename = "HTTPS")] - Https, -} - -/// TLS Config +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfig { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -1497,18 +1458,18 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCa { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1525,7 +1486,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1542,18 +1503,18 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCert { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1570,7 +1531,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1587,7 +1548,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1602,9 +1563,9 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS Config +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -1615,9 +1576,9 @@ pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS Config +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigConsulSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -1628,38 +1589,78 @@ pub enum ScrapeConfigConsulSdConfigsTlsConfigMinVersion { Tls13, } -/// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. +/// DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. +/// The DNS servers to be contacted are read from /etc/resolv.conf. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigConsulSdConfigsTokenRef { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined +pub struct ScrapeConfigDnsSdConfigs { + /// A list of DNS domain names to be queried. + pub names: Vec, + /// The port number used if the query type is not SRV + /// Ignored for SRV records #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub port: Option, + /// RefreshInterval configures the time after which the provided names are refreshed. + /// If not set, Prometheus uses its default value. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + /// If not set, Prometheus uses its default value. + /// + /// When set to NS, it requires Prometheus >= v2.49.0. + /// When set to MX, it requires Prometheus >= v2.38.0 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. -/// This service discovery uses the public IPv4 address by default, by that can be changed with relabeling -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config +/// DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. +/// The DNS servers to be contacted are read from /etc/resolv.conf. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigDnsSdConfigsType { + A, + #[serde(rename = "AAAA")] + Aaaa, + #[serde(rename = "MX")] + Mx, + #[serde(rename = "NS")] + Ns, + #[serde(rename = "SRV")] + Srv, +} + +/// Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. +/// This SD discovers "containers" and will create a target for each network IP and +/// port the container is configured to expose. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigs { - /// Authorization header configuration to authenticate against the DigitalOcean API. +pub struct ScrapeConfigDockerSdConfigs { + /// Authorization header configuration to authenticate against the Docker API. /// Cannot be set at the same time as `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// Optional filters to limit the discovery process to a subset of the available resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + /// Address of the docker daemon + pub host: String, + /// The host to use if the container is in host networking mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkingHost")] + pub host_networking_host: Option, + /// Configure whether to match the first network if the container has multiple networks defined. + /// If unset, Prometheus uses true by default. + /// It requires Prometheus >= v2.54.1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFirstNetwork")] + pub match_first_network: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -1670,7 +1671,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, /// The port to scrape metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, @@ -1679,7 +1680,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -1689,21 +1690,21 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Refresh interval to re-read the instance list. + /// Time after which the container is refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header configuration to authenticate against the DigitalOcean API. +/// Authorization header configuration to authenticate against the Docker API. /// Cannot be set at the same time as `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsAuthorization { +pub struct ScrapeConfigDockerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -1715,7 +1716,38 @@ pub struct ScrapeConfigDigitalOceanSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigDockerSdConfigsAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// BasicAuth information to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigDockerSdConfigsBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// `password` specifies a key of a Secret containing the password for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigDockerSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1730,18 +1762,45 @@ pub struct ScrapeConfigDigitalOceanSdConfigsAuthorizationCredentials { pub optional: Option, } +/// `username` specifies a key of a Secret containing the username for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigDockerSdConfigsBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Filter name and value pairs to limit the discovery process to a subset of available resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigDockerSdConfigsFilters { + /// Name of the Filter. + pub name: String, + /// Value to filter on. + pub values: Vec, +} + /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { +pub struct ScrapeConfigDockerSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigDigitalOceanSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigDockerSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigDockerSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -1758,7 +1817,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -1774,7 +1833,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -1783,18 +1842,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientId { +pub struct ScrapeConfigDockerSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1811,7 +1870,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1829,7 +1888,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigDockerSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1846,7 +1905,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigDockerSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1864,29 +1923,29 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -1894,18 +1953,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1922,7 +1981,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1939,18 +1998,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -1967,7 +2026,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -1984,7 +2043,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2002,7 +2061,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2016,7 +2075,7 @@ pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2029,7 +2088,7 @@ pub enum ScrapeConfigDigitalOceanSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsProxyConnectHeader { +pub struct ScrapeConfigDockerSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2046,29 +2105,29 @@ pub struct ScrapeConfigDigitalOceanSdConfigsProxyConnectHeader { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfig { +pub struct ScrapeConfigDockerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -2076,18 +2135,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCa { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2104,7 +2163,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2121,18 +2180,18 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCert { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2149,7 +2208,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigDockerSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2166,7 +2225,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigDockerSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2183,7 +2242,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigsTlsConfigKeySecret { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigDockerSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2196,7 +2255,7 @@ pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMaxVersion { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigDockerSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2207,78 +2266,32 @@ pub enum ScrapeConfigDigitalOceanSdConfigsTlsConfigMinVersion { Tls13, } -/// DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. -/// The DNS servers to be contacted are read from /etc/resolv.conf. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDnsSdConfigs { - /// A list of DNS domain names to be queried. - pub names: Vec, - /// The port number used if the query type is not SRV - /// Ignored for SRV records - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// RefreshInterval configures the time after which the provided names are refreshed. - /// If not set, Prometheus uses its default value. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - /// If not set, Prometheus uses its default value. - /// - /// When set to NS, it requires Prometheus >= v2.49.0. - /// When set to MX, it requires Prometheus >= v2.38.0 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -/// DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. -/// The DNS servers to be contacted are read from /etc/resolv.conf. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config +/// DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDnsSdConfigsType { - A, - #[serde(rename = "AAAA")] - Aaaa, - #[serde(rename = "MX")] - Mx, - #[serde(rename = "NS")] - Ns, - #[serde(rename = "SRV")] - Srv, -} - -/// Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. -/// This SD discovers "containers" and will create a target for each network IP and -/// port the container is configured to expose. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigs { - /// Authorization header configuration to authenticate against the Docker API. - /// Cannot be set at the same time as `oauth2`. +pub struct ScrapeConfigDockerSwarmSdConfigs { + /// Authorization header configuration to authenticate against the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. + pub authorization: Option, + /// Optional HTTP basic authentication information. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, - /// Optional filters to limit the discovery process to a subset of the available resources. + /// Optional filters to limit the discovery process to a subset of available + /// resources. + /// The available filters are listed in the upstream documentation: + /// Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + /// Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + /// Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList #[serde(default, skip_serializing_if = "Option::is_none")] - pub filters: Option>, + pub filters: Option>, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, - /// Address of the docker daemon + /// Address of the Docker daemon pub host: String, - /// The host to use if the container is in host networking mode. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkingHost")] - pub host_networking_host: Option, - /// Configure whether to match the first network if the container has multiple networks defined. - /// If unset, Prometheus uses true by default. - /// It requires Prometheus >= v2.54.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFirstNetwork")] - pub match_first_network: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -2287,18 +2300,19 @@ pub struct ScrapeConfigDockerSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization`. + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// The port to scrape metrics from. + pub oauth2: Option, + /// The port to scrape metrics from, when `role` is nodes, and for discovered + /// tasks and services that don't have published ports. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -2308,21 +2322,22 @@ pub struct ScrapeConfigDockerSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Time after which the container is refreshed. + /// The time after which the service discovery data is refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// TLS configuration applying to the target HTTP endpoint. + /// Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`. + pub role: ScrapeConfigDockerSwarmSdConfigsRole, + /// TLS configuration to use on every scrape request #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header configuration to authenticate against the Docker API. -/// Cannot be set at the same time as `oauth2`. +/// Authorization header configuration to authenticate against the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsAuthorization { +pub struct ScrapeConfigDockerSwarmSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -2334,7 +2349,7 @@ pub struct ScrapeConfigDockerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigDockerSwarmSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2349,23 +2364,23 @@ pub struct ScrapeConfigDockerSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. +/// Optional HTTP basic authentication information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsBasicAuth { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsBasicAuthPassword { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2383,7 +2398,7 @@ pub struct ScrapeConfigDockerSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsBasicAuthUsername { +pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2400,7 +2415,7 @@ pub struct ScrapeConfigDockerSdConfigsBasicAuthUsername { /// Filter name and value pairs to limit the discovery process to a subset of available resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsFilters { +pub struct ScrapeConfigDockerSwarmSdConfigsFilters { /// Name of the Filter. pub name: String, /// Value to filter on. @@ -2408,17 +2423,17 @@ pub struct ScrapeConfigDockerSdConfigsFilters { } /// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization`. +/// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2 { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigDockerSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigDockerSwarmSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigDockerSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -2435,7 +2450,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -2451,7 +2466,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -2460,18 +2475,18 @@ pub struct ScrapeConfigDockerSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2ClientId { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2488,7 +2503,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2506,7 +2521,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2523,7 +2538,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2541,29 +2556,29 @@ pub struct ScrapeConfigDockerSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -2571,18 +2586,18 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2599,7 +2614,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2616,18 +2631,18 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2644,7 +2659,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2661,7 +2676,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2679,7 +2694,7 @@ pub struct ScrapeConfigDockerSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2693,7 +2708,7 @@ pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2706,7 +2721,7 @@ pub enum ScrapeConfigDockerSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsProxyConnectHeader { +pub struct ScrapeConfigDockerSwarmSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2721,31 +2736,40 @@ pub struct ScrapeConfigDockerSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigDockerSwarmSdConfigsRole { + Services, + Tasks, + Nodes, +} + +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfig { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -2753,18 +2777,18 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCa { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2781,7 +2805,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2798,18 +2822,18 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCert { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -2826,7 +2850,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2843,7 +2867,7 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2858,9 +2882,9 @@ pub struct ScrapeConfigDockerSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2871,9 +2895,9 @@ pub enum ScrapeConfigDockerSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -2884,32 +2908,33 @@ pub enum ScrapeConfigDockerSdConfigsTlsConfigMinVersion { Tls13, } -/// DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigs { - /// Authorization header configuration to authenticate against the target HTTP endpoint. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// Optional HTTP basic authentication information. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, +/// EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. +/// The private IP address is used by default, but may be changed to the public IP address with relabeling. +/// The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config +/// +/// The EC2 service discovery requires AWS API keys or role ARN for authentication. +/// BasicAuth, Authorization and OAuth2 fields are not present on purpose. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEc2SdConfigs { + /// AccessKey is the AWS API key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] + pub access_key: Option, /// Whether to enable HTTP2. + /// It requires Prometheus >= v2.41.0 #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, - /// Optional filters to limit the discovery process to a subset of available - /// resources. - /// The available filters are listed in the upstream documentation: - /// Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - /// Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - /// Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + /// Filters can be used optionally to filter the instance list by other criteria. + /// Available filter criteria can be found here: + /// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + /// Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + /// It requires Prometheus >= v2.3.0 #[serde(default, skip_serializing_if = "Option::is_none")] - pub filters: Option>, + pub filters: Option>, /// Configure whether HTTP requests follow HTTP 3xx redirects. + /// It requires Prometheus >= v2.41.0 #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, - /// Address of the Docker daemon - pub host: String, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -2917,12 +2942,8 @@ pub struct ScrapeConfigDockerSwarmSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization`, or `basicAuth`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// The port to scrape metrics from, when `role` is nodes, and for discovered - /// tasks and services that don't have published ports. + /// The port to scrape metrics from. If using the public IP address, this must + /// instead be specified in the relabeling rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to @@ -2930,7 +2951,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigs { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -2940,34 +2961,27 @@ pub struct ScrapeConfigDockerSwarmSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// The time after which the service discovery data is refreshed. + /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`. - pub role: ScrapeConfigDockerSwarmSdConfigsRole, - /// TLS configuration to use on every scrape request - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// Authorization header configuration to authenticate against the target HTTP endpoint. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsAuthorization { - /// Selects a key of a Secret in the namespace that contains the credentials for authentication. + /// The AWS region. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, - /// Defines the authentication type. The value is case-insensitive. - /// - /// "Basic" is not a supported value. - /// - /// Default: "Bearer" - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, + pub region: Option, + /// AWS Role ARN, an alternative to using AWS API keys. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] + pub role_arn: Option, + /// SecretKey is the AWS API secret. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] + pub secret_key: Option, + /// TLS configuration to connect to the AWS EC2 API. + /// It requires Prometheus >= v2.41.0 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, } -/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +/// AccessKey is the AWS API key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigEc2SdConfigsAccessKey { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -2982,23 +2996,18 @@ pub struct ScrapeConfigDockerSwarmSdConfigsAuthorizationCredentials { pub optional: Option, } -/// Optional HTTP basic authentication information. +/// Filter name and value pairs to limit the discovery process to a subset of available resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuth { - /// `password` specifies a key of a Secret containing the password for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// `username` specifies a key of a Secret containing the username for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, +pub struct ScrapeConfigEc2SdConfigsFilters { + /// Name of the Filter. + pub name: String, + /// Value to filter on. + pub values: Vec, } -/// `password` specifies a key of a Secret containing the password for -/// authentication. +/// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthPassword { +pub struct ScrapeConfigEc2SdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3013,10 +3022,9 @@ pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthPassword { pub optional: Option, } -/// `username` specifies a key of a Secret containing the username for -/// authentication. +/// SecretKey is the AWS API secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthUsername { +pub struct ScrapeConfigEc2SdConfigsSecretKey { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3031,80 +3039,51 @@ pub struct ScrapeConfigDockerSwarmSdConfigsBasicAuthUsername { pub optional: Option, } -/// Filter name and value pairs to limit the discovery process to a subset of available resources. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsFilters { - /// Name of the Filter. - pub name: String, - /// Value to filter on. - pub values: Vec, -} - -/// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization`, or `basicAuth`. +/// TLS configuration to connect to the AWS EC2 API. +/// It requires Prometheus >= v2.41.0 #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2 { - /// `clientId` specifies a key of a Secret or ConfigMap containing the - /// OAuth2 client's ID. - #[serde(rename = "clientId")] - pub client_id: ScrapeConfigDockerSwarmSdConfigsOauth2ClientId, - /// `clientSecret` specifies a key of a Secret containing the OAuth2 - /// client's secret. - #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret, - /// `endpointParams` configures the HTTP parameters to append to the token - /// URL. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] - pub endpoint_params: Option>, - /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - /// that should be excluded from proxying. IP and domain names can - /// contain port numbers. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] - pub no_proxy: Option, - /// ProxyConnectHeader optionally specifies headers to send to - /// proxies during CONNECT requests. +pub struct ScrapeConfigEc2SdConfigsTlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Maximum acceptable TLS version. /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, - /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - /// If unset, Prometheus uses its default value. + /// It requires Prometheus >= v2.41.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] + pub max_version: Option, + /// Minimum acceptable TLS version. /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] - pub proxy_from_environment: Option, - /// `proxyURL` defines the HTTP proxy server to use. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, - /// `scopes` defines the OAuth2 scopes used for the token request. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub scopes: Option>, - /// TLS configuration to use when connecting to the OAuth2 server. - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, - /// `tokenURL` configures the URL to fetch the token from. - #[serde(rename = "tokenUrl")] - pub token_url: String, + /// It requires Prometheus >= v2.35.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] + pub min_version: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, } -/// `clientId` specifies a key of a Secret or ConfigMap containing the -/// OAuth2 client's ID. +/// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientId { +pub struct ScrapeConfigEc2SdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigEc2SdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3121,7 +3100,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigEc2SdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3136,11 +3115,21 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientIdSecret { pub optional: Option, } -/// `clientSecret` specifies a key of a Secret containing the OAuth2 -/// client's secret. +/// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret { - /// The key of the secret to select from. Must be a valid secret key. +pub struct ScrapeConfigEc2SdConfigsTlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEc2SdConfigsTlsConfigCertConfigMap { + /// The key to select. pub key: String, /// Name of the referent. /// This field is effectively required, but due to backwards compatibility is @@ -3149,14 +3138,14 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ClientSecret { /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined + /// Specify whether the ConfigMap or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } -/// SecretKeySelector selects a key of a Secret. +/// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigEc2SdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3171,52 +3160,123 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2ProxyConnectHeader { pub optional: Option, } -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. +/// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfig { - /// Certificate authority used when verifying server certificates. +pub struct ScrapeConfigEc2SdConfigsTlsConfigKeySecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, - /// Client certificate to present when doing client-authentication. + pub name: Option, + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, - /// Disable target certificate validation. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] - pub insecure_skip_verify: Option, - /// Secret containing the client key file for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, - /// Maximum acceptable TLS version. + pub optional: Option, +} + +/// TLS configuration to connect to the AWS EC2 API. +/// It requires Prometheus >= v2.41.0 +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigEc2SdConfigsTlsConfigMaxVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + +/// TLS configuration to connect to the AWS EC2 API. +/// It requires Prometheus >= v2.41.0 +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigEc2SdConfigsTlsConfigMinVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + +/// Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. +/// Prometheus will periodically check the REST endpoint and create a target for every app instance. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEurekaSdConfigs { + /// Authorization header to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. /// - /// It requires Prometheus >= v2.41.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, - /// Minimum acceptable TLS version. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Optional OAuth 2.0 configuration. + /// Cannot be set at the same time as `authorization` or `basic_auth`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. /// - /// It requires Prometheus >= v2.35.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, - /// Used to verify the hostname for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] - pub server_name: Option, + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// Refresh interval to re-read the instance list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// The URL to connect to the Eureka server. + pub server: String, + /// TLS configuration applying to the target HTTP endpoint. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, } -/// Certificate authority used when verifying server certificates. +/// Authorization header to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCa { - /// ConfigMap containing data to use for the targets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// Secret containing data to use for the targets. +pub struct ScrapeConfigEurekaSdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// "Basic" is not a supported value. + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// ConfigMap containing data to use for the targets. +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaConfigMap { - /// The key to select. +pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. /// This field is effectively required, but due to backwards compatibility is @@ -3225,14 +3285,28 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaConfigMap { /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its key must be defined + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } -/// Secret containing data to use for the targets. +/// BasicAuth information to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigEurekaSdConfigsBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// `password` specifies a key of a Secret containing the password for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3247,20 +3321,89 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCaSecret { pub optional: Option, } -/// Client certificate to present when doing client-authentication. +/// `username` specifies a key of a Secret containing the username for +/// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional OAuth 2.0 configuration. +/// Cannot be set at the same time as `authorization` or `basic_auth`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEurekaSdConfigsOauth2 { + /// `clientId` specifies a key of a Secret or ConfigMap containing the + /// OAuth2 client's ID. + #[serde(rename = "clientId")] + pub client_id: ScrapeConfigEurekaSdConfigsOauth2ClientId, + /// `clientSecret` specifies a key of a Secret containing the OAuth2 + /// client's secret. + #[serde(rename = "clientSecret")] + pub client_secret: ScrapeConfigEurekaSdConfigsOauth2ClientSecret, + /// `endpointParams` configures the HTTP parameters to append to the token + /// URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] + pub endpoint_params: Option>, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// `scopes` defines the OAuth2 scopes used for the token request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// TLS configuration to use when connecting to the OAuth2 server. + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, + /// `tokenURL` configures the URL to fetch the token from. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// `clientId` specifies a key of a Secret or ConfigMap containing the +/// OAuth2 client's ID. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3277,7 +3420,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3292,9 +3435,10 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigCertSecret { pub optional: Option, } -/// Secret containing the client key file for the targets. +/// `clientSecret` specifies a key of a Secret containing the OAuth2 +/// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3309,37 +3453,9 @@ pub struct ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigMaxVersion { - #[serde(rename = "TLS10")] - Tls10, - #[serde(rename = "TLS11")] - Tls11, - #[serde(rename = "TLS12")] - Tls12, - #[serde(rename = "TLS13")] - Tls13, -} - -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSwarmSdConfigsOauth2TlsConfigMinVersion { - #[serde(rename = "TLS10")] - Tls10, - #[serde(rename = "TLS11")] - Tls11, - #[serde(rename = "TLS12")] - Tls12, - #[serde(rename = "TLS13")] - Tls13, -} - /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsProxyConnectHeader { +pub struct ScrapeConfigEurekaSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3350,44 +3466,36 @@ pub struct ScrapeConfigDockerSwarmSdConfigsProxyConnectHeader { #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSwarmSdConfigsRole { - Services, - Tasks, - Nodes, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// TLS configuration to use on every scrape request +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfig { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -3395,18 +3503,18 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCa { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3423,7 +3531,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3440,18 +3548,18 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCert { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3468,7 +3576,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3485,7 +3593,7 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3500,9 +3608,10 @@ pub struct ScrapeConfigDockerSwarmSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to use on every scrape request +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -3513,9 +3622,10 @@ pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to use on every scrape request +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -3526,123 +3636,9 @@ pub enum ScrapeConfigDockerSwarmSdConfigsTlsConfigMinVersion { Tls13, } -/// EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. -/// The private IP address is used by default, but may be changed to the public IP address with relabeling. -/// The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config -/// -/// The EC2 service discovery requires AWS API keys or role ARN for authentication. -/// BasicAuth, Authorization and OAuth2 fields are not present on purpose. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigs { - /// AccessKey is the AWS API key. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] - pub access_key: Option, - /// Whether to enable HTTP2. - /// It requires Prometheus >= v2.41.0 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] - pub enable_http2: Option, - /// Filters can be used optionally to filter the instance list by other criteria. - /// Available filter criteria can be found here: - /// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - /// Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - /// It requires Prometheus >= v2.3.0 - #[serde(default, skip_serializing_if = "Option::is_none")] - pub filters: Option>, - /// Configure whether HTTP requests follow HTTP 3xx redirects. - /// It requires Prometheus >= v2.41.0 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] - pub follow_redirects: Option, - /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - /// that should be excluded from proxying. IP and domain names can - /// contain port numbers. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] - pub no_proxy: Option, - /// The port to scrape metrics from. If using the public IP address, this must - /// instead be specified in the relabeling rule. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// ProxyConnectHeader optionally specifies headers to send to - /// proxies during CONNECT requests. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, - /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - /// If unset, Prometheus uses its default value. - /// - /// It requires Prometheus >= v2.43.0. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] - pub proxy_from_environment: Option, - /// `proxyURL` defines the HTTP proxy server to use. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, - /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// The AWS region. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub region: Option, - /// AWS Role ARN, an alternative to using AWS API keys. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] - pub role_arn: Option, - /// SecretKey is the AWS API secret. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] - pub secret_key: Option, - /// TLS configuration to connect to the AWS EC2 API. - /// It requires Prometheus >= v2.41.0 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// AccessKey is the AWS API key. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsAccessKey { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Filter name and value pairs to limit the discovery process to a subset of available resources. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsFilters { - /// Name of the Filter. - pub name: String, - /// Value to filter on. - pub values: Vec, -} - /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsProxyConnectHeader { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// SecretKey is the AWS API secret. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsSecretKey { +pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3657,32 +3653,31 @@ pub struct ScrapeConfigEc2SdConfigsSecretKey { pub optional: Option, } -/// TLS configuration to connect to the AWS EC2 API. -/// It requires Prometheus >= v2.41.0 +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfig { +pub struct ScrapeConfigEurekaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -3690,18 +3685,18 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCa { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3718,7 +3713,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3735,18 +3730,18 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCert { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -3763,7 +3758,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3780,7 +3775,7 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEc2SdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3795,10 +3790,9 @@ pub struct ScrapeConfigEc2SdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to connect to the AWS EC2 API. -/// It requires Prometheus >= v2.41.0 +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEc2SdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigEurekaSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -3809,10 +3803,9 @@ pub enum ScrapeConfigEc2SdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to connect to the AWS EC2 API. -/// It requires Prometheus >= v2.41.0 +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEc2SdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigEurekaSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -3823,17 +3816,69 @@ pub enum ScrapeConfigEc2SdConfigsTlsConfigMinVersion { Tls13, } -/// Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. -/// Prometheus will periodically check the REST endpoint and create a target for every app instance. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigs { - /// Authorization header to use on every scrape request. +/// FileSDConfig defines a Prometheus file service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigFileSdConfigs { + /// List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + /// prometheus-operator project makes no guarantees about the working directory where the configuration file is + /// stored. + /// Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + pub files: Vec, + /// RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, +} + +/// GCESDConfig configures scrape targets from GCP GCE instances. +/// The private IP address is used by default, but may be changed to +/// the public IP address with relabeling. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config +/// +/// The GCE service discovery will load the Google Cloud credentials +/// from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. +/// See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform +/// +/// A pre-requisite for using GCESDConfig is that a Secret containing valid +/// Google Cloud credentials is mounted into the Prometheus or PrometheusAgent +/// pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS +/// environment variable is set to /etc/prometheus/secrets//. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigGceSdConfigs { + /// Filter can be used optionally to filter the instance list by other criteria + /// Syntax of this filter is described in the filter query parameter section: + /// https://cloud.google.com/compute/docs/reference/latest/instances/list + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filter: Option, + /// The port to scrape metrics from. If using the public IP address, this must + /// instead be specified in the relabeling rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// The Google Cloud Project ID + pub project: String, + /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// The tag separator is used to separate the tags on concatenation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] + pub tag_separator: Option, + /// The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. + pub zone: String, +} + +/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. +/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigHetznerSdConfigs { + /// Authorization header configuration, required when role is hcloud. + /// Role robot does not support bearer token authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. + pub authorization: Option, + /// BasicAuth information to use on every scrape request, required when role is robot. + /// Role hcloud does not support basic auth. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, @@ -3848,15 +3893,18 @@ pub struct ScrapeConfigEurekaSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization` or `basic_auth`. + /// Cannot be used at the same time as `basic_auth` or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, + /// The port to scrape metrics from. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -3866,22 +3914,23 @@ pub struct ScrapeConfigEurekaSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Refresh interval to re-read the instance list. + /// The time after which the servers are refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The URL to connect to the Eureka server. - pub server: String, - /// TLS configuration applying to the target HTTP endpoint. + /// The Hetzner role of entities that should be discovered. + pub role: ScrapeConfigHetznerSdConfigsRole, + /// TLS configuration to use on every scrape request. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header to use on every scrape request. +/// Authorization header configuration, required when role is hcloud. +/// Role robot does not support bearer token authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsAuthorization { +pub struct ScrapeConfigHetznerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -3893,7 +3942,7 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3908,23 +3957,24 @@ pub struct ScrapeConfigEurekaSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. +/// BasicAuth information to use on every scrape request, required when role is robot. +/// Role hcloud does not support basic auth. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuth { +pub struct ScrapeConfigHetznerSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { +pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3942,7 +3992,7 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { +pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -3958,17 +4008,17 @@ pub struct ScrapeConfigEurekaSdConfigsBasicAuthUsername { } /// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization` or `basic_auth`. +/// Cannot be used at the same time as `basic_auth` or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2 { +pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigEurekaSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigHetznerSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigEurekaSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigHetznerSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -3985,7 +4035,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -4001,7 +4051,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -4010,18 +4060,18 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientId { +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4038,7 +4088,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4056,7 +4106,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4073,7 +4123,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigHetznerSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4091,29 +4141,29 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -4121,18 +4171,18 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4149,7 +4199,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4166,18 +4216,18 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4194,7 +4244,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4211,7 +4261,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4229,7 +4279,7 @@ pub struct ScrapeConfigEurekaSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4243,7 +4293,7 @@ pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4256,7 +4306,7 @@ pub enum ScrapeConfigEurekaSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { +pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4271,31 +4321,46 @@ pub struct ScrapeConfigEurekaSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. +/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHetznerSdConfigsRole { + #[serde(rename = "hcloud")] + Hcloud, + #[serde(rename = "Hcloud")] + HcloudX, + #[serde(rename = "robot")] + Robot, + #[serde(rename = "Robot")] + RobotX, +} + +/// TLS configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfig { +pub struct ScrapeConfigHetznerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -4303,18 +4368,18 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCa { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4331,7 +4396,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4348,18 +4413,18 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCert { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4376,7 +4441,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4393,7 +4458,7 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4408,9 +4473,9 @@ pub struct ScrapeConfigEurekaSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEurekaSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigHetznerSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4421,9 +4486,9 @@ pub enum ScrapeConfigEurekaSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigEurekaSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigHetznerSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4434,69 +4499,19 @@ pub enum ScrapeConfigEurekaSdConfigsTlsConfigMinVersion { Tls13, } -/// FileSDConfig defines a Prometheus file service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigFileSdConfigs { - /// List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - /// prometheus-operator project makes no guarantees about the working directory where the configuration file is - /// stored. - /// Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - pub files: Vec, - /// RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, -} - -/// GCESDConfig configures scrape targets from GCP GCE instances. -/// The private IP address is used by default, but may be changed to -/// the public IP address with relabeling. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config -/// -/// The GCE service discovery will load the Google Cloud credentials -/// from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. -/// See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform -/// -/// A pre-requisite for using GCESDConfig is that a Secret containing valid -/// Google Cloud credentials is mounted into the Prometheus or PrometheusAgent -/// pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS -/// environment variable is set to /etc/prometheus/secrets//. +/// HTTPSDConfig defines a prometheus HTTP service discovery configuration +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigGceSdConfigs { - /// Filter can be used optionally to filter the instance list by other criteria - /// Syntax of this filter is described in the filter query parameter section: - /// https://cloud.google.com/compute/docs/reference/latest/instances/list - #[serde(default, skip_serializing_if = "Option::is_none")] - pub filter: Option, - /// The port to scrape metrics from. If using the public IP address, this must - /// instead be specified in the relabeling rule. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// The Google Cloud Project ID - pub project: String, - /// RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// The tag separator is used to separate the tags on concatenation - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] - pub tag_separator: Option, - /// The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. - pub zone: String, -} - -/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. -/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigs { - /// Authorization header configuration, required when role is hcloud. - /// Role robot does not support bearer token authentication. +pub struct ScrapeConfigHttpSdConfigs { + /// Authorization header configuration to authenticate against the target HTTP endpoint. + /// Cannot be set at the same time as `oAuth2`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request, required when role is robot. - /// Role hcloud does not support basic auth. + pub authorization: Option, + /// BasicAuth information to authenticate against the target HTTP endpoint. + /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// Cannot be set at the same time as `authorization`, or `oAuth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, @@ -4510,19 +4525,16 @@ pub struct ScrapeConfigHetznerSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth 2.0 configuration. - /// Cannot be used at the same time as `basic_auth` or `authorization`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// The port to scrape metrics from. + /// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -4532,23 +4544,24 @@ pub struct ScrapeConfigHetznerSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// The time after which the servers are refreshed. + /// RefreshInterval configures the refresh interval at which Prometheus will re-query the + /// endpoint to update the target list. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The Hetzner role of entities that should be discovered. - pub role: ScrapeConfigHetznerSdConfigsRole, - /// TLS configuration to use on every scrape request. + /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, + /// URL from which the targets are fetched. + pub url: String, } -/// Authorization header configuration, required when role is hcloud. -/// Role robot does not support bearer token authentication. +/// Authorization header configuration to authenticate against the target HTTP endpoint. +/// Cannot be set at the same time as `oAuth2`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsAuthorization { +pub struct ScrapeConfigHttpSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -4560,7 +4573,7 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4575,24 +4588,25 @@ pub struct ScrapeConfigHetznerSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request, required when role is robot. -/// Role hcloud does not support basic auth. +/// BasicAuth information to authenticate against the target HTTP endpoint. +/// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// Cannot be set at the same time as `authorization`, or `oAuth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuth { +pub struct ScrapeConfigHttpSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { +pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4610,7 +4624,7 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { +pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4625,18 +4639,18 @@ pub struct ScrapeConfigHetznerSdConfigsBasicAuthUsername { pub optional: Option, } -/// Optional OAuth 2.0 configuration. -/// Cannot be used at the same time as `basic_auth` or `authorization`. +/// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. +/// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2 { +pub struct ScrapeConfigHttpSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigHetznerSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigHttpSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigHetznerSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigHttpSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -4653,7 +4667,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -4669,7 +4683,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -4678,18 +4692,18 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientId { +pub struct ScrapeConfigHttpSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4706,7 +4720,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4724,7 +4738,162 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigHttpSdConfigsOauth2ClientSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2ProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfig { + /// Certificate authority used when verifying server certificates. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ca: Option, + /// Client certificate to present when doing client-authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cert: Option, + /// Disable target certificate validation. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] + pub insecure_skip_verify: Option, + /// Secret containing the client key file for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] + pub key_secret: Option, + /// Maximum acceptable TLS version. + /// + /// It requires Prometheus >= v2.41.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] + pub max_version: Option, + /// Minimum acceptable TLS version. + /// + /// It requires Prometheus >= v2.35.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] + pub min_version: Option, + /// Used to verify the hostname for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] + pub server_name: Option, +} + +/// Certificate authority used when verifying server certificates. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCa { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Client certificate to present when doing client-authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCert { + /// ConfigMap containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// Secret containing data to use for the targets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, +} + +/// ConfigMap containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertConfigMap { + /// The key to select. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing data to use for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertSecret { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Secret containing the client key file for the targets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4739,9 +4908,37 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ClientSecret { pub optional: Option, } +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMaxVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + +/// TLS configuration to use when connecting to the OAuth2 server. +/// It requires Prometheus >= v2.43.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMinVersion { + #[serde(rename = "TLS10")] + Tls10, + #[serde(rename = "TLS11")] + Tls11, + #[serde(rename = "TLS12")] + Tls12, + #[serde(rename = "TLS13")] + Tls13, +} + /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4756,32 +4953,31 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2ProxyConnectHeader { pub optional: Option, } -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigHttpSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -4789,18 +4985,18 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4817,7 +5013,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4834,18 +5030,18 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -4862,7 +5058,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4879,7 +5075,7 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4894,10 +5090,9 @@ pub struct ScrapeConfigHetznerSdConfigsOauth2TlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigHttpSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4908,10 +5103,9 @@ pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMaxVersion { Tls13, } -/// TLS configuration to use when connecting to the OAuth2 server. -/// It requires Prometheus >= v2.43.0. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigHttpSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -4922,9 +5116,72 @@ pub enum ScrapeConfigHetznerSdConfigsOauth2TlsConfigMinVersion { Tls13, } -/// SecretKeySelector selects a key of a Secret. +/// IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { +pub struct ScrapeConfigIonosSdConfigs { + /// Authorization` header configuration, required when using IONOS. + pub authorization: ScrapeConfigIonosSdConfigsAuthorization, + /// The unique ID of the IONOS data center. + #[serde(rename = "datacenterID")] + pub datacenter_id: String, + /// Configure whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, + /// Configure whether the HTTP requests should follow HTTP 3xx redirects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, + /// Port to scrape the metrics from. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] + pub proxy_url: Option, + /// Refresh interval to re-read the list of resources. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// TLS configuration to use when connecting to the IONOS API. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] + pub tls_config: Option, +} + +/// Authorization` header configuration, required when using IONOS. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigIonosSdConfigsAuthorization { + /// Selects a key of a Secret in the namespace that contains the credentials for authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Defines the authentication type. The value is case-insensitive. + /// + /// "Basic" is not a supported value. + /// + /// Default: "Bearer" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// Selects a key of a Secret in the namespace that contains the credentials for authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigIonosSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -4939,46 +5196,48 @@ pub struct ScrapeConfigHetznerSdConfigsProxyConnectHeader { pub optional: Option, } -/// HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. -/// This service discovery uses the public IPv4 address by default, but that can be changed with relabeling -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsRole { - #[serde(rename = "hcloud")] - Hcloud, - #[serde(rename = "Hcloud")] - HcloudX, - #[serde(rename = "robot")] - Robot, - #[serde(rename = "Robot")] - RobotX, +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigIonosSdConfigsProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// TLS configuration to use on every scrape request. +/// TLS configuration to use when connecting to the IONOS API. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfig { +pub struct ScrapeConfigIonosSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -4986,18 +5245,18 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCa { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5014,7 +5273,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5031,18 +5290,18 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCert { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5059,7 +5318,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigIonosSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5076,7 +5335,7 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigIonosSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5091,9 +5350,9 @@ pub struct ScrapeConfigHetznerSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to use on every scrape request. +/// TLS configuration to use when connecting to the IONOS API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigIonosSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5104,9 +5363,9 @@ pub enum ScrapeConfigHetznerSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to use on every scrape request. +/// TLS configuration to use when connecting to the IONOS API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHetznerSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigIonosSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5117,25 +5376,39 @@ pub enum ScrapeConfigHetznerSdConfigsTlsConfigMinVersion { Tls13, } -/// HTTPSDConfig defines a prometheus HTTP service discovery configuration -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigs { - /// Authorization header configuration to authenticate against the target HTTP endpoint. - /// Cannot be set at the same time as `oAuth2`, or `basicAuth`. +/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigs { + /// The API server address consisting of a hostname or IP address followed + /// by an optional port number. + /// If left empty, Prometheus is assumed to run inside + /// of the cluster. It will discover API servers automatically and use the pod's + /// CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiServer")] + pub api_server: Option, + /// Optional metadata to attach to discovered targets. + /// It requires Prometheus >= v2.35.0 when using the `Pod` role and + /// Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] + pub attach_metadata: Option, + /// Authorization header to use on every scrape request. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to authenticate against the target HTTP endpoint. - /// More info: https://prometheus.io/docs/operating/configuration/#endpoints - /// Cannot be set at the same time as `authorization`, or `oAuth2`. + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + /// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -5143,16 +5416,16 @@ pub struct ScrapeConfigHttpSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -5162,24 +5435,38 @@ pub struct ScrapeConfigHttpSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// RefreshInterval configures the refresh interval at which Prometheus will re-query the - /// endpoint to update the target list. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] - pub refresh_interval: Option, - /// TLS configuration applying to the target HTTP endpoint. + /// Role of the Kubernetes entities that should be discovered. + /// Role `Endpointslice` requires Prometheus >= v2.21.0 + pub role: ScrapeConfigKubernetesSdConfigsRole, + /// Selector to select objects. + /// It requires Prometheus >= v2.17.0 + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selectors: Option>, + /// TLS configuration to connect to the Kubernetes API. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, - /// URL from which the targets are fetched. - pub url: String, + pub tls_config: Option, } -/// Authorization header configuration to authenticate against the target HTTP endpoint. -/// Cannot be set at the same time as `oAuth2`, or `basicAuth`. +/// Optional metadata to attach to discovered targets. +/// It requires Prometheus >= v2.35.0 when using the `Pod` role and +/// Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsAuthorization { +pub struct ScrapeConfigKubernetesSdConfigsAttachMetadata { + /// Attaches node metadata to discovered targets. + /// When set to true, Prometheus must have the `get` permission on the + /// `Nodes` objects. + /// Only valid for Pod, Endpoint and Endpointslice roles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub node: Option, +} + +/// Authorization header to use on every scrape request. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -5191,7 +5478,7 @@ pub struct ScrapeConfigHttpSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5206,25 +5493,24 @@ pub struct ScrapeConfigHttpSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to authenticate against the target HTTP endpoint. -/// More info: https://prometheus.io/docs/operating/configuration/#endpoints -/// Cannot be set at the same time as `authorization`, or `oAuth2`. +/// BasicAuth information to use on every scrape request. +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuth { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5242,7 +5528,7 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { +pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5254,21 +5540,33 @@ pub struct ScrapeConfigHttpSdConfigsBasicAuthUsername { pub name: Option, /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub optional: Option, +} + +/// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsNamespaces { + /// List of namespaces where to watch for resources. + /// If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// Includes the namespace in which the Prometheus pod runs to the list of watched namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownNamespace")] + pub own_namespace: Option, } -/// Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. +/// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2 { +pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigHttpSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigKubernetesSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigHttpSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigKubernetesSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -5285,7 +5583,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -5301,7 +5599,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -5310,18 +5608,18 @@ pub struct ScrapeConfigHttpSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2ClientId { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5338,7 +5636,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5356,7 +5654,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5373,7 +5671,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigKubernetesSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5391,29 +5689,29 @@ pub struct ScrapeConfigHttpSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -5421,18 +5719,18 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5449,7 +5747,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5466,18 +5764,18 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5494,7 +5792,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5511,7 +5809,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5529,7 +5827,7 @@ pub struct ScrapeConfigHttpSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5543,7 +5841,7 @@ pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5556,7 +5854,7 @@ pub enum ScrapeConfigHttpSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { +pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5571,31 +5869,70 @@ pub struct ScrapeConfigHttpSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigKubernetesSdConfigsRole { + Pod, + Endpoints, + Ingress, + Service, + Node, + EndpointSlice, +} + +/// K8SSelectorConfig is Kubernetes Selector Config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ScrapeConfigKubernetesSdConfigsSelectors { + /// An optional field selector to limit the service discovery to resources which have fields with specific values. + /// e.g: `metadata.name=foobar` + #[serde(default, skip_serializing_if = "Option::is_none")] + pub field: Option, + /// An optional label selector to limit the service discovery to resources with specific labels and label values. + /// e.g: `node.kubernetes.io/instance-type=master` + #[serde(default, skip_serializing_if = "Option::is_none")] + pub label: Option, + /// Role specifies the type of Kubernetes resource to limit the service discovery to. + /// Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + pub role: ScrapeConfigKubernetesSdConfigsSelectorsRole, +} + +/// K8SSelectorConfig is Kubernetes Selector Config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigKubernetesSdConfigsSelectorsRole { + Pod, + Endpoints, + Ingress, + Service, + Node, + EndpointSlice, +} + +/// TLS configuration to connect to the Kubernetes API. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfig { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -5603,18 +5940,18 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCa { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5631,7 +5968,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5648,18 +5985,18 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCert { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5676,7 +6013,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5693,7 +6030,7 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5708,9 +6045,9 @@ pub struct ScrapeConfigHttpSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to connect to the Kubernetes API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHttpSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5721,9 +6058,9 @@ pub enum ScrapeConfigHttpSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration applying to the target HTTP endpoint. +/// TLS configuration to connect to the Kubernetes API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigHttpSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -5734,39 +6071,28 @@ pub enum ScrapeConfigHttpSdConfigsTlsConfigMinVersion { Tls13, } -/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigs { - /// The API server address consisting of a hostname or IP address followed - /// by an optional port number. - /// If left empty, Prometheus is assumed to run inside - /// of the cluster. It will discover API servers automatically and use the pod's - /// CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiServer")] - pub api_server: Option, - /// Optional metadata to attach to discovered targets. - /// It requires Prometheus >= v2.35.0 when using the `Pod` role and - /// Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "attachMetadata")] - pub attach_metadata: Option, +/// KumaSDConfig allow retrieving scrape targets from Kuma's control plane. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigKumaSdConfigs { /// Authorization header to use on every scrape request. - /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, + pub authorization: Option, /// BasicAuth information to use on every scrape request. - /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, + pub basic_auth: Option, + /// Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] + pub client_id: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// The time after which the monitoring assignments are refreshed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fetchTimeout")] + pub fetch_timeout: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, - /// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -5777,13 +6103,13 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -5793,38 +6119,22 @@ pub struct ScrapeConfigKubernetesSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Role of the Kubernetes entities that should be discovered. - /// Role `Endpointslice` requires Prometheus >= v2.21.0 - pub role: ScrapeConfigKubernetesSdConfigsRole, - /// Selector to select objects. - /// It requires Prometheus >= v2.17.0 - #[serde(default, skip_serializing_if = "Option::is_none")] - pub selectors: Option>, - /// TLS configuration to connect to the Kubernetes API. + /// The time to wait between polling update requests. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] + pub refresh_interval: Option, + /// Address of the Kuma Control Plane's MADS xDS server. + pub server: String, + /// TLS configuration to use on every scrape request #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// Optional metadata to attach to discovered targets. -/// It requires Prometheus >= v2.35.0 when using the `Pod` role and -/// Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAttachMetadata { - /// Attaches node metadata to discovered targets. - /// When set to true, Prometheus must have the `get` permission on the - /// `Nodes` objects. - /// Only valid for Pod, Endpoint and Endpointslice roles. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub node: Option, + pub tls_config: Option, } /// Authorization header to use on every scrape request. -/// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAuthorization { +pub struct ScrapeConfigKumaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -5836,7 +6146,7 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5852,23 +6162,22 @@ pub struct ScrapeConfigKubernetesSdConfigsAuthorizationCredentials { } /// BasicAuth information to use on every scrape request. -/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuth { +pub struct ScrapeConfigKumaSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { +pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5886,7 +6195,7 @@ pub struct ScrapeConfigKubernetesSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { +pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -5896,35 +6205,23 @@ pub struct ScrapeConfigKubernetesSdConfigsBasicAuthUsername { /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsNamespaces { - /// List of namespaces where to watch for resources. - /// If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub names: Option>, - /// Includes the namespace in which the Prometheus pod runs to the list of watched namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ownNamespace")] - pub own_namespace: Option, + pub optional: Option, } /// Optional OAuth 2.0 configuration. /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2 { +pub struct ScrapeConfigKumaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigKubernetesSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigKumaSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigKubernetesSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigKumaSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -5941,7 +6238,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -5957,7 +6254,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -5966,18 +6263,18 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientId { +pub struct ScrapeConfigKumaSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -5994,7 +6291,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6012,7 +6309,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6029,7 +6326,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigKumaSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6047,29 +6344,29 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -6077,18 +6374,18 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6105,7 +6402,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6122,18 +6419,18 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6150,7 +6447,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6167,7 +6464,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6185,7 +6482,7 @@ pub struct ScrapeConfigKubernetesSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6199,7 +6496,7 @@ pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6212,7 +6509,7 @@ pub enum ScrapeConfigKubernetesSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { +pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6227,70 +6524,31 @@ pub struct ScrapeConfigKubernetesSdConfigsProxyConnectHeader { pub optional: Option, } -/// KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsRole { - Pod, - Endpoints, - Ingress, - Service, - Node, - EndpointSlice, -} - -/// K8SSelectorConfig is Kubernetes Selector Config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsSelectors { - /// An optional field selector to limit the service discovery to resources which have fields with specific values. - /// e.g: `metadata.name=foobar` - #[serde(default, skip_serializing_if = "Option::is_none")] - pub field: Option, - /// An optional label selector to limit the service discovery to resources with specific labels and label values. - /// e.g: `node.kubernetes.io/instance-type=master` - #[serde(default, skip_serializing_if = "Option::is_none")] - pub label: Option, - /// Role specifies the type of Kubernetes resource to limit the service discovery to. - /// Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. - pub role: ScrapeConfigKubernetesSdConfigsSelectorsRole, -} - -/// K8SSelectorConfig is Kubernetes Selector Config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsSelectorsRole { - Pod, - Endpoints, - Ingress, - Service, - Node, - EndpointSlice, -} - -/// TLS configuration to connect to the Kubernetes API. +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { +pub struct ScrapeConfigKumaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -6298,18 +6556,18 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCa { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6326,7 +6584,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6343,18 +6601,18 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCert { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6371,7 +6629,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6388,7 +6646,7 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6403,9 +6661,9 @@ pub struct ScrapeConfigKubernetesSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to connect to the Kubernetes API. +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigKumaSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6416,9 +6674,9 @@ pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to connect to the Kubernetes API. +/// TLS configuration to use on every scrape request #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigKumaSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6429,26 +6687,28 @@ pub enum ScrapeConfigKubernetesSdConfigsTlsConfigMinVersion { Tls13, } -/// KumaSDConfig allow retrieving scrape targets from Kuma's control plane. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config +/// LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigs { - /// Authorization header to use on every scrape request. +pub struct ScrapeConfigLightSailSdConfigs { + /// AccessKey is the AWS API key. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] + pub access_key: Option, + /// Optional `authorization` HTTP header configuration. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// BasicAuth information to use on every scrape request. + pub authorization: Option, + /// Optional HTTP basic authentication information. + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] - pub client_id: Option, - /// Whether to enable HTTP2. + pub basic_auth: Option, + /// Configure whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, - /// The time after which the monitoring assignments are refreshed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fetchTimeout")] - pub fetch_timeout: Option, - /// Configure whether HTTP requests follow HTTP 3xx redirects. + /// Custom endpoint to be used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, + /// Configure whether the HTTP requests should follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -6458,16 +6718,20 @@ pub struct ScrapeConfigKumaSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth 2.0 configuration. - /// Cannot be set at the same time as `authorization`, or `basicAuth`. + /// Optional OAuth2.0 configuration. + /// Cannot be set at the same time as `basicAuth`, or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, + pub oauth2: Option, + /// Port to scrape the metrics from. + /// If using the public IP address, this must instead be specified in the relabeling rule. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -6477,22 +6741,47 @@ pub struct ScrapeConfigKumaSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// The time to wait between polling update requests. + /// Refresh interval to re-read the list of instances. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// Address of the Kuma Control Plane's MADS xDS server. - pub server: String, - /// TLS configuration to use on every scrape request + /// The AWS region. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// AWS Role ARN, an alternative to using AWS API keys. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] + pub role_arn: Option, + /// SecretKey is the AWS API secret. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] + pub secret_key: Option, + /// TLS configuration to connect to the Puppet DB. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header to use on every scrape request. +/// AccessKey is the AWS API key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsAuthorization { +pub struct ScrapeConfigLightSailSdConfigsAccessKey { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Optional `authorization` HTTP header configuration. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLightSailSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -6504,7 +6793,7 @@ pub struct ScrapeConfigKumaSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigLightSailSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6519,23 +6808,24 @@ pub struct ScrapeConfigKumaSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to use on every scrape request. +/// Optional HTTP basic authentication information. +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuth { +pub struct ScrapeConfigLightSailSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, + pub password: Option, /// `username` specifies a key of a Secret containing the username for /// authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + pub username: Option, } /// `password` specifies a key of a Secret containing the password for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { +pub struct ScrapeConfigLightSailSdConfigsBasicAuthPassword { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6553,7 +6843,7 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthPassword { /// `username` specifies a key of a Secret containing the username for /// authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { +pub struct ScrapeConfigLightSailSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6567,19 +6857,19 @@ pub struct ScrapeConfigKumaSdConfigsBasicAuthUsername { #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } - -/// Optional OAuth 2.0 configuration. -/// Cannot be set at the same time as `authorization`, or `basicAuth`. + +/// Optional OAuth2.0 configuration. +/// Cannot be set at the same time as `basicAuth`, or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2 { +pub struct ScrapeConfigLightSailSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigKumaSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigLightSailSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigKumaSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigLightSailSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -6596,7 +6886,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -6612,7 +6902,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -6621,18 +6911,18 @@ pub struct ScrapeConfigKumaSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientId { +pub struct ScrapeConfigLightSailSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6649,7 +6939,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6667,7 +6957,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigLightSailSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6684,7 +6974,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigLightSailSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6702,29 +6992,29 @@ pub struct ScrapeConfigKumaSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -6732,18 +7022,18 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6760,7 +7050,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6777,18 +7067,18 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6805,7 +7095,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6822,7 +7112,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6840,7 +7130,7 @@ pub struct ScrapeConfigKumaSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6854,7 +7144,7 @@ pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -6867,7 +7157,7 @@ pub enum ScrapeConfigKumaSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { +pub struct ScrapeConfigLightSailSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6882,31 +7172,48 @@ pub struct ScrapeConfigKumaSdConfigsProxyConnectHeader { pub optional: Option, } -/// TLS configuration to use on every scrape request +/// SecretKey is the AWS API secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfig { +pub struct ScrapeConfigLightSailSdConfigsSecretKey { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS configuration to connect to the Puppet DB. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigLightSailSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -6914,18 +7221,18 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCa { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6942,7 +7249,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -6959,18 +7266,18 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCert { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -6987,7 +7294,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7004,7 +7311,7 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigLightSailSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7019,9 +7326,9 @@ pub struct ScrapeConfigKumaSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to use on every scrape request +/// TLS configuration to connect to the Puppet DB. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKumaSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigLightSailSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7032,9 +7339,9 @@ pub enum ScrapeConfigKumaSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to use on every scrape request +/// TLS configuration to connect to the Puppet DB. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigKumaSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigLightSailSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7045,28 +7352,17 @@ pub enum ScrapeConfigKumaSdConfigsTlsConfigMinVersion { Tls13, } -/// LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config +/// LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigs { - /// AccessKey is the AWS API key. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] - pub access_key: Option, - /// Optional `authorization` HTTP header configuration. - /// Cannot be set at the same time as `basicAuth`, or `oauth2`. +pub struct ScrapeConfigLinodeSdConfigs { + /// Authorization header configuration. #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, - /// Optional HTTP basic authentication information. - /// Cannot be set at the same time as `authorization`, or `oauth2`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] - pub basic_auth: Option, - /// Configure whether to enable HTTP2. + pub authorization: Option, + /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, - /// Custom endpoint to be used. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub endpoint: Option, - /// Configure whether the HTTP requests should follow HTTP 3xx redirects. + /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -7076,12 +7372,11 @@ pub struct ScrapeConfigLightSailSdConfigs { /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, - /// Optional OAuth2.0 configuration. - /// Cannot be set at the same time as `basicAuth`, or `authorization`. + /// Optional OAuth 2.0 configuration. + /// Cannot be used at the same time as `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// Port to scrape the metrics from. - /// If using the public IP address, this must instead be specified in the relabeling rule. + pub oauth2: Option, + /// Default port to scrape metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to @@ -7089,7 +7384,7 @@ pub struct ScrapeConfigLightSailSdConfigs { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -7099,47 +7394,26 @@ pub struct ScrapeConfigLightSailSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Refresh interval to re-read the list of instances. + /// Time after which the linode instances are refreshed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// The AWS region. + /// Optional region to filter on. #[serde(default, skip_serializing_if = "Option::is_none")] pub region: Option, - /// AWS Role ARN, an alternative to using AWS API keys. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleARN")] - pub role_arn: Option, - /// SecretKey is the AWS API secret. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] - pub secret_key: Option, - /// TLS configuration to connect to the Puppet DB. + /// The string by which Linode Instance tags are joined into the tag label. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] + pub tag_separator: Option, + /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, -} - -/// AccessKey is the AWS API key. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsAccessKey { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub tls_config: Option, } -/// Optional `authorization` HTTP header configuration. -/// Cannot be set at the same time as `basicAuth`, or `oauth2`. +/// Authorization header configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsAuthorization { +pub struct ScrapeConfigLinodeSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -7151,57 +7425,7 @@ pub struct ScrapeConfigLightSailSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsAuthorizationCredentials { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Optional HTTP basic authentication information. -/// Cannot be set at the same time as `authorization`, or `oauth2`. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsBasicAuth { - /// `password` specifies a key of a Secret containing the password for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// `username` specifies a key of a Secret containing the username for - /// authentication. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, -} - -/// `password` specifies a key of a Secret containing the password for -/// authentication. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsBasicAuthPassword { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// `username` specifies a key of a Secret containing the username for -/// authentication. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsBasicAuthUsername { +pub struct ScrapeConfigLinodeSdConfigsAuthorizationCredentials { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7216,18 +7440,18 @@ pub struct ScrapeConfigLightSailSdConfigsBasicAuthUsername { pub optional: Option, } -/// Optional OAuth2.0 configuration. -/// Cannot be set at the same time as `basicAuth`, or `authorization`. +/// Optional OAuth 2.0 configuration. +/// Cannot be used at the same time as `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2 { +pub struct ScrapeConfigLinodeSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigLightSailSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigLinodeSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigLightSailSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigLinodeSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -7244,7 +7468,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -7260,7 +7484,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -7269,18 +7493,18 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2ClientId { +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7297,7 +7521,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7315,7 +7539,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigLinodeSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7332,7 +7556,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigLinodeSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7350,29 +7574,29 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -7380,18 +7604,18 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7408,7 +7632,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7425,18 +7649,18 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7453,7 +7677,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7470,7 +7694,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7488,7 +7712,7 @@ pub struct ScrapeConfigLightSailSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7502,7 +7726,7 @@ pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7515,24 +7739,7 @@ pub enum ScrapeConfigLightSailSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsProxyConnectHeader { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, - /// Name of the referent. - /// This field is effectively required, but due to backwards compatibility is - /// allowed to be empty. Instances of this type with an empty value here are - /// almost certainly wrong. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// SecretKey is the AWS API secret. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsSecretKey { +pub struct ScrapeConfigLinodeSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7547,31 +7754,31 @@ pub struct ScrapeConfigLightSailSdConfigsSecretKey { pub optional: Option, } -/// TLS configuration to connect to the Puppet DB. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfig { +pub struct ScrapeConfigLinodeSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -7579,18 +7786,18 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCa { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7607,7 +7814,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7624,18 +7831,18 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCert { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7652,7 +7859,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7669,7 +7876,7 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLightSailSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigLinodeSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7684,9 +7891,9 @@ pub struct ScrapeConfigLightSailSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS configuration to connect to the Puppet DB. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLightSailSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigLinodeSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7697,9 +7904,9 @@ pub enum ScrapeConfigLightSailSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS configuration to connect to the Puppet DB. +/// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLightSailSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigLinodeSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -7710,19 +7917,120 @@ pub enum ScrapeConfigLightSailSdConfigsTlsConfigMinVersion { Tls13, } -/// LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. -/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigs { - /// Authorization header configuration. +pub struct ScrapeConfigMetricRelabelings { + /// Action to perform based on the regex matching. + /// + /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + /// + /// Default: "Replace" #[serde(default, skip_serializing_if = "Option::is_none")] - pub authorization: Option, + pub action: Option, + /// Modulus to take of the hash of the source label values. + /// + /// Only applicable when the action is `HashMod`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub modulus: Option, + /// Regular expression against which the extracted value is matched. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub regex: Option, + /// Replacement value against which a Replace action is performed if the + /// regular expression matches. + /// + /// Regex capture groups are available. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replacement: Option, + /// Separator is the string between concatenated SourceLabels. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub separator: Option, + /// The source labels select values from existing labels. Their content is + /// concatenated using the configured Separator and matched against the + /// configured regular expression. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] + pub source_labels: Option>, + /// Label to which the resulting string is written in a replacement. + /// + /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + /// `KeepEqual` and `DropEqual` actions. + /// + /// Regex capture groups are available. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] + pub target_label: Option, +} + +/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +/// scraped samples and remote write samples. +/// +/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigMetricRelabelingsAction { + #[serde(rename = "replace")] + Replace, + #[serde(rename = "Replace")] + ReplaceX, + #[serde(rename = "keep")] + Keep, + #[serde(rename = "Keep")] + KeepX, + #[serde(rename = "drop")] + Drop, + #[serde(rename = "Drop")] + DropX, + #[serde(rename = "hashmod")] + Hashmod, + HashMod, + #[serde(rename = "labelmap")] + Labelmap, + LabelMap, + #[serde(rename = "labeldrop")] + Labeldrop, + LabelDrop, + #[serde(rename = "labelkeep")] + Labelkeep, + LabelKeep, + #[serde(rename = "lowercase")] + Lowercase, + #[serde(rename = "Lowercase")] + LowercaseX, + #[serde(rename = "uppercase")] + Uppercase, + #[serde(rename = "Uppercase")] + UppercaseX, + #[serde(rename = "keepequal")] + Keepequal, + KeepEqual, + #[serde(rename = "dropequal")] + Dropequal, + DropEqual, +} + +/// NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. +/// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigNomadSdConfigs { + /// The information to access the Nomad API. It is to be defined + /// as the Nomad documentation requires. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowStale")] + pub allow_stale: Option, + /// Authorization header to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option, + /// BasicAuth information to use on every scrape request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] + pub basic_auth: Option, /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names /// that should be excluded from proxying. IP and domain names can /// contain port numbers. @@ -7731,18 +8039,15 @@ pub struct ScrapeConfigLinodeSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// Optional OAuth 2.0 configuration. - /// Cannot be used at the same time as `authorization`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub oauth2: Option, - /// Default port to scrape metrics from. + /// Cannot be set at the same time as `authorization` or `basic_auth`. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub oauth2: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -7752,26 +8057,27 @@ pub struct ScrapeConfigLinodeSdConfigs { /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, - /// Time after which the linode instances are refreshed. + /// Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. + /// Supported units: y, w, d, h, m, s, ms + /// Examples: `30s`, `1m`, `1h20m15s`, `15d` #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, - /// Optional region to filter on. #[serde(default, skip_serializing_if = "Option::is_none")] pub region: Option, - /// The string by which Linode Instance tags are joined into the tag label. + pub server: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] pub tag_separator: Option, /// TLS configuration applying to the target HTTP endpoint. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, } -/// Authorization header configuration. +/// Authorization header to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsAuthorization { +pub struct ScrapeConfigNomadSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub credentials: Option, + pub credentials: Option, /// Defines the authentication type. The value is case-insensitive. /// /// "Basic" is not a supported value. @@ -7783,7 +8089,56 @@ pub struct ScrapeConfigLinodeSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsAuthorizationCredentials { +pub struct ScrapeConfigNomadSdConfigsAuthorizationCredentials { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// BasicAuth information to use on every scrape request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigNomadSdConfigsBasicAuth { + /// `password` specifies a key of a Secret containing the password for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// `username` specifies a key of a Secret containing the username for + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// `password` specifies a key of a Secret containing the password for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigNomadSdConfigsBasicAuthPassword { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// `username` specifies a key of a Secret containing the username for +/// authentication. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ScrapeConfigNomadSdConfigsBasicAuthUsername { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7799,17 +8154,17 @@ pub struct ScrapeConfigLinodeSdConfigsAuthorizationCredentials { } /// Optional OAuth 2.0 configuration. -/// Cannot be used at the same time as `authorization`. +/// Cannot be set at the same time as `authorization` or `basic_auth`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2 { +pub struct ScrapeConfigNomadSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[serde(rename = "clientId")] - pub client_id: ScrapeConfigLinodeSdConfigsOauth2ClientId, + pub client_id: ScrapeConfigNomadSdConfigsOauth2ClientId, /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[serde(rename = "clientSecret")] - pub client_secret: ScrapeConfigLinodeSdConfigsOauth2ClientSecret, + pub client_secret: ScrapeConfigNomadSdConfigsOauth2ClientSecret, /// `endpointParams` configures the HTTP parameters to append to the token /// URL. #[serde(default, skip_serializing_if = "Option::is_none", rename = "endpointParams")] @@ -7826,7 +8181,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2 { /// /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] - pub proxy_connect_header: Option>, + pub proxy_connect_header: Option>, /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). /// If unset, Prometheus uses its default value. /// @@ -7842,7 +8197,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2 { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] - pub tls_config: Option, + pub tls_config: Option, /// `tokenURL` configures the URL to fetch the token from. #[serde(rename = "tokenUrl")] pub token_url: String, @@ -7851,18 +8206,18 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the /// OAuth2 client's ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2ClientId { +pub struct ScrapeConfigNomadSdConfigsOauth2ClientId { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdConfigMap { +pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7879,7 +8234,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdSecret { +pub struct ScrapeConfigNomadSdConfigsOauth2ClientIdSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7897,7 +8252,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientIdSecret { /// `clientSecret` specifies a key of a Secret containing the OAuth2 /// client's secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2ClientSecret { +pub struct ScrapeConfigNomadSdConfigsOauth2ClientSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7914,7 +8269,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ClientSecret { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2ProxyConnectHeader { +pub struct ScrapeConfigNomadSdConfigsOauth2ProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -7932,29 +8287,29 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2ProxyConnectHeader { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfig { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -7962,18 +8317,18 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCa { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaConfigMap { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -7990,7 +8345,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaSecret { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8007,18 +8362,18 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCert { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertConfigMap { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -8035,7 +8390,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertSecret { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8052,7 +8407,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigKeySecret { +pub struct ScrapeConfigNomadSdConfigsOauth2TlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8070,7 +8425,7 @@ pub struct ScrapeConfigLinodeSdConfigsOauth2TlsConfigKeySecret { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMaxVersion { +pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -8084,7 +8439,7 @@ pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMaxVersion { /// TLS configuration to use when connecting to the OAuth2 server. /// It requires Prometheus >= v2.43.0. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMinVersion { +pub enum ScrapeConfigNomadSdConfigsOauth2TlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -8097,7 +8452,7 @@ pub enum ScrapeConfigLinodeSdConfigsOauth2TlsConfigMinVersion { /// SecretKeySelector selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsProxyConnectHeader { +pub struct ScrapeConfigNomadSdConfigsProxyConnectHeader { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8114,29 +8469,29 @@ pub struct ScrapeConfigLinodeSdConfigsProxyConnectHeader { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfig { +pub struct ScrapeConfigNomadSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca: Option, + pub ca: Option, /// Client certificate to present when doing client-authentication. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cert: Option, + pub cert: Option, /// Disable target certificate validation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "insecureSkipVerify")] pub insecure_skip_verify: Option, /// Secret containing the client key file for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keySecret")] - pub key_secret: Option, + pub key_secret: Option, /// Maximum acceptable TLS version. /// /// It requires Prometheus >= v2.41.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxVersion")] - pub max_version: Option, + pub max_version: Option, /// Minimum acceptable TLS version. /// /// It requires Prometheus >= v2.35.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minVersion")] - pub min_version: Option, + pub min_version: Option, /// Used to verify the hostname for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverName")] pub server_name: Option, @@ -8144,18 +8499,18 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCa { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCa { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaConfigMap { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCaConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -8172,7 +8527,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaSecret { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCaSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8189,18 +8544,18 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCaSecret { /// Client certificate to present when doing client-authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCert { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCert { /// ConfigMap containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, + pub config_map: Option, /// Secret containing data to use for the targets. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, + pub secret: Option, } /// ConfigMap containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertConfigMap { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCertConfigMap { /// The key to select. pub key: String, /// Name of the referent. @@ -8217,7 +8572,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertConfigMap { /// Secret containing data to use for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertSecret { +pub struct ScrapeConfigNomadSdConfigsTlsConfigCertSecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8234,7 +8589,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigCertSecret { /// Secret containing the client key file for the targets. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigLinodeSdConfigsTlsConfigKeySecret { +pub struct ScrapeConfigNomadSdConfigsTlsConfigKeySecret { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. @@ -8251,7 +8606,7 @@ pub struct ScrapeConfigLinodeSdConfigsTlsConfigKeySecret { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLinodeSdConfigsTlsConfigMaxVersion { +pub enum ScrapeConfigNomadSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -8264,7 +8619,7 @@ pub enum ScrapeConfigLinodeSdConfigsTlsConfigMaxVersion { /// TLS configuration applying to the target HTTP endpoint. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigLinodeSdConfigsTlsConfigMinVersion { +pub enum ScrapeConfigNomadSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] Tls10, #[serde(rename = "TLS11")] @@ -8275,99 +8630,7 @@ pub enum ScrapeConfigLinodeSdConfigsTlsConfigMinVersion { Tls13, } -/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, -/// scraped samples and remote write samples. -/// -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ScrapeConfigMetricRelabelings { - /// Action to perform based on the regex matching. - /// - /// `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - /// `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - /// - /// Default: "Replace" - #[serde(default, skip_serializing_if = "Option::is_none")] - pub action: Option, - /// Modulus to take of the hash of the source label values. - /// - /// Only applicable when the action is `HashMod`. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub modulus: Option, - /// Regular expression against which the extracted value is matched. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub regex: Option, - /// Replacement value against which a Replace action is performed if the - /// regular expression matches. - /// - /// Regex capture groups are available. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub replacement: Option, - /// Separator is the string between concatenated SourceLabels. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub separator: Option, - /// The source labels select values from existing labels. Their content is - /// concatenated using the configured Separator and matched against the - /// configured regular expression. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceLabels")] - pub source_labels: Option>, - /// Label to which the resulting string is written in a replacement. - /// - /// It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - /// `KeepEqual` and `DropEqual` actions. - /// - /// Regex capture groups are available. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLabel")] - pub target_label: Option, -} - -/// RelabelConfig allows dynamic rewriting of the label set for targets, alerts, -/// scraped samples and remote write samples. -/// -/// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ScrapeConfigMetricRelabelingsAction { - #[serde(rename = "replace")] - Replace, - #[serde(rename = "Replace")] - ReplaceX, - #[serde(rename = "keep")] - Keep, - #[serde(rename = "Keep")] - KeepX, - #[serde(rename = "drop")] - Drop, - #[serde(rename = "Drop")] - DropX, - #[serde(rename = "hashmod")] - Hashmod, - HashMod, - #[serde(rename = "labelmap")] - Labelmap, - LabelMap, - #[serde(rename = "labeldrop")] - Labeldrop, - LabelDrop, - #[serde(rename = "labelkeep")] - Labelkeep, - LabelKeep, - #[serde(rename = "lowercase")] - Lowercase, - #[serde(rename = "Lowercase")] - LowercaseX, - #[serde(rename = "uppercase")] - Uppercase, - #[serde(rename = "Uppercase")] - UppercaseX, - #[serde(rename = "keepequal")] - Keepequal, - KeepEqual, - #[serde(rename = "dropequal")] - Dropequal, - DropEqual, -} - -/// OAuth2 client credentials used to fetch a token for the targets. +/// OAuth2 configuration to use on every scrape request. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the diff --git a/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/firewalls.rs b/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/firewalls.rs index d55bea3ab..c13beeac3 100644 --- a/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/firewalls.rs +++ b/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/firewalls.rs @@ -276,14 +276,14 @@ pub struct FirewallStatusFirewallStatusCapacityUsageSummary { pub struct FirewallStatusFirewallStatusCapacityUsageSummaryCidrs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "availableCIDRCount")] pub available_cidr_count: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "iPSetReferences")] - pub i_p_set_references: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipSetReferences")] + pub ip_set_references: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "utilizedCIDRCount")] pub utilized_cidr_count: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FirewallStatusFirewallStatusCapacityUsageSummaryCidrsIPSetReferences { +pub struct FirewallStatusFirewallStatusCapacityUsageSummaryCidrsIpSetReferences { #[serde(default, skip_serializing_if = "Option::is_none", rename = "resolvedCIDRCount")] pub resolved_cidr_count: Option, } diff --git a/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/rulegroups.rs b/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/rulegroups.rs index 5b9ae21a0..ded041d0b 100644 --- a/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/rulegroups.rs +++ b/kube-custom-resources-rs/src/networkfirewall_services_k8s_aws/v1alpha1/rulegroups.rs @@ -194,12 +194,12 @@ pub struct RuleGroupRuleGroup { /// Contains a set of IP set references. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuleGroupRuleGroupReferenceSets { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "iPSetReferences")] - pub i_p_set_references: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipSetReferences")] + pub ip_set_references: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct RuleGroupRuleGroupReferenceSetsIPSetReferences { +pub struct RuleGroupRuleGroupReferenceSetsIpSetReferences { #[serde(default, skip_serializing_if = "Option::is_none", rename = "referenceARN")] pub reference_arn: Option, } @@ -208,14 +208,14 @@ pub struct RuleGroupRuleGroupReferenceSetsIPSetReferences { /// is defined. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RuleGroupRuleGroupRuleVariables { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "iPSets")] - pub i_p_sets: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipSets")] + pub ip_sets: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSets")] pub port_sets: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct RuleGroupRuleGroupRuleVariablesIPSets { +pub struct RuleGroupRuleGroupRuleVariablesIpSets { #[serde(default, skip_serializing_if = "Option::is_none")] pub definition: Option>, } diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs index 10afce3fa..7eb8e121f 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgbackups.rs @@ -205,7 +205,7 @@ pub struct PerconaPGBackupStatusRepoVolumeVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs index beb83c25d..0f65cf944 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs @@ -109,6 +109,9 @@ pub struct PerconaPGClusterSpec { pub struct PerconaPGClusterBackups { /// pgBackRest archive configuration pub pgbackrest: PerconaPGClusterBackupsPgbackrest, + /// Enable tracking latest restorable time + #[serde(default, skip_serializing_if = "Option::is_none", rename = "trackLatestRestorableTime")] + pub track_latest_restorable_time: Option, } /// pgBackRest archive configuration @@ -158,20 +161,18 @@ pub struct PerconaPGClusterBackupsPgbackrest { pub sidecars: Option, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterBackupsPgbackrestConfiguration { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -196,14 +197,11 @@ pub struct PerconaPGClusterBackupsPgbackrestConfiguration { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -286,9 +284,7 @@ pub struct PerconaPGClusterBackupsPgbackrestConfigurationConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -387,9 +383,7 @@ pub struct PerconaPGClusterBackupsPgbackrestConfigurationSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -464,11 +458,9 @@ pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -491,6 +483,11 @@ pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestResourcesClaims /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Defines the configuration for the pgBackRest config sidecar container @@ -507,11 +504,9 @@ pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestConfigResources /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -534,6 +529,11 @@ pub struct PerconaPGClusterBackupsPgbackrestContainersPgbackrestConfigResourcesC /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Jobs field allows configuration for all backup jobs @@ -771,7 +771,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -782,7 +782,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -892,7 +892,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAffinityRequiredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -903,7 +903,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAffinityRequiredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1044,7 +1044,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1055,7 +1055,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1165,7 +1165,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1176,7 +1176,7 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1273,11 +1273,9 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1300,6 +1298,11 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security settings for PGBackRest pod. @@ -1313,12 +1316,10 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -1368,15 +1369,24 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -1444,7 +1454,6 @@ pub struct PerconaPGClusterBackupsPgbackrestJobsSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1788,7 +1797,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1799,7 +1808,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1909,7 +1918,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1920,7 +1929,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2061,7 +2070,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2072,7 +2081,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2182,7 +2191,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2193,7 +2202,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2289,11 +2298,9 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2316,6 +2323,11 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security settings for PGBackRest pod. @@ -2329,12 +2341,10 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -2384,15 +2394,24 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -2460,7 +2479,6 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSecurityContextSeccompProfil /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2522,9 +2540,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSshConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2569,9 +2585,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostSshSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -2646,7 +2660,6 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -2680,7 +2693,6 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -2696,7 +2708,6 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -2707,7 +2718,6 @@ pub struct PerconaPGClusterBackupsPgbackrestRepoHostTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -2926,7 +2936,7 @@ pub struct PerconaPGClusterBackupsPgbackrestReposVolumeVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -3296,7 +3306,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3307,7 +3317,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3417,7 +3427,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3428,7 +3438,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3569,7 +3579,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3580,7 +3590,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPrefer /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3690,7 +3700,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3701,7 +3711,7 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequir /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3797,11 +3807,9 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3824,6 +3832,11 @@ pub struct PerconaPGClusterBackupsPgbackrestRestoreResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The pod this Toleration is attached to tolerates any taint that matches @@ -3881,11 +3894,9 @@ pub struct PerconaPGClusterBackupsPgbackrestSidecarsPgbackrestResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3908,6 +3919,11 @@ pub struct PerconaPGClusterBackupsPgbackrestSidecarsPgbackrestResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Defines the configuration for the pgBackRest config sidecar container @@ -3924,11 +3940,9 @@ pub struct PerconaPGClusterBackupsPgbackrestSidecarsPgbackrestConfigResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3951,6 +3965,11 @@ pub struct PerconaPGClusterBackupsPgbackrestSidecarsPgbackrestConfigResourcesCla /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Specifies a data source for bootstrapping the PostgreSQL cluster. @@ -4225,7 +4244,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4236,7 +4255,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAffinityPreferredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -4346,7 +4365,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4357,7 +4376,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAffinityRequiredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -4498,7 +4517,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4509,7 +4528,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -4619,7 +4638,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -4630,7 +4649,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -4720,20 +4739,18 @@ pub struct PerconaPGClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDu pub values: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterDataSourcePgbackrestConfiguration { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -4758,14 +4775,11 @@ pub struct PerconaPGClusterDataSourcePgbackrestConfiguration { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -4848,9 +4862,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestConfigurationConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -4949,9 +4961,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestConfigurationSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -5149,7 +5159,7 @@ pub struct PerconaPGClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -5278,11 +5288,9 @@ pub struct PerconaPGClusterDataSourcePgbackrestResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5305,6 +5313,11 @@ pub struct PerconaPGClusterDataSourcePgbackrestResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The pod this Toleration is attached to tolerates any taint that matches @@ -5585,7 +5598,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5596,7 +5609,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAffinityPreferred /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5706,7 +5719,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5717,7 +5730,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAffinityRequiredD /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5858,7 +5871,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAntiAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5869,7 +5882,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAntiAffinityPrefe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5979,7 +5992,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5990,7 +6003,7 @@ pub struct PerconaPGClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequi /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -6086,11 +6099,9 @@ pub struct PerconaPGClusterDataSourcePostgresClusterResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6113,6 +6124,11 @@ pub struct PerconaPGClusterDataSourcePostgresClusterResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The pod this Toleration is attached to tolerates any taint that matches @@ -6439,7 +6455,6 @@ pub struct PerconaPGClusterExtensionsStorage { pub region: Option, /// Adapts a secret into a projected volume. /// - /// /// The contents of the target Secret's Data field will be presented in a /// projected volume as files using the keys in the Data field as the file names. /// Note that this is identical to a secret volume source without the default @@ -6452,7 +6467,6 @@ pub struct PerconaPGClusterExtensionsStorage { /// Adapts a secret into a projected volume. /// -/// /// The contents of the target Secret's Data field will be presented in a /// projected volume as files using the keys in the Data field as the file names. /// Note that this is identical to a secret volume source without the default @@ -6472,9 +6486,7 @@ pub struct PerconaPGClusterExtensionsStorageSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6527,9 +6539,7 @@ pub struct PerconaPGClusterImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6814,7 +6824,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -6825,7 +6835,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAffinityPreferredDuringScheduling /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -6935,7 +6945,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -6946,7 +6956,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAffinityRequiredDuringSchedulingI /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7087,7 +7097,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7098,7 +7108,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7208,7 +7218,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAntiAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7219,7 +7229,7 @@ pub struct PerconaPGClusterInstancesAffinityPodAntiAffinityRequiredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7331,11 +7341,9 @@ pub struct PerconaPGClusterInstancesContainersReplicaCertCopyResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -7358,6 +7366,11 @@ pub struct PerconaPGClusterInstancesContainersReplicaCertCopyResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Defines a PersistentVolumeClaim for PostgreSQL data. @@ -7428,7 +7441,7 @@ pub struct PerconaPGClusterInstancesDataVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -7767,9 +7780,7 @@ pub struct PerconaPGClusterInstancesInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7812,9 +7823,7 @@ pub struct PerconaPGClusterInstancesInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7843,9 +7852,7 @@ pub struct PerconaPGClusterInstancesInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -7860,9 +7867,7 @@ pub struct PerconaPGClusterInstancesInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -8147,7 +8152,6 @@ pub struct PerconaPGClusterInstancesInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8298,7 +8302,6 @@ pub struct PerconaPGClusterInstancesInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8370,11 +8373,9 @@ pub struct PerconaPGClusterInstancesInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8397,6 +8398,11 @@ pub struct PerconaPGClusterInstancesInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -8430,7 +8436,7 @@ pub struct PerconaPGClusterInstancesInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -8553,7 +8559,6 @@ pub struct PerconaPGClusterInstancesInitContainersSecurityContextSeccompProfile /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -8665,7 +8670,6 @@ pub struct PerconaPGClusterInstancesInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8750,10 +8754,8 @@ pub struct PerconaPGClusterInstancesInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -8761,11 +8763,9 @@ pub struct PerconaPGClusterInstancesInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -8796,11 +8796,9 @@ pub struct PerconaPGClusterInstancesResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8823,6 +8821,11 @@ pub struct PerconaPGClusterInstancesResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security settings for a PostgreSQL pod. @@ -8836,12 +8839,10 @@ pub struct PerconaPGClusterInstancesSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -8891,15 +8892,24 @@ pub struct PerconaPGClusterInstancesSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -8967,7 +8977,6 @@ pub struct PerconaPGClusterInstancesSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -9228,9 +9237,7 @@ pub struct PerconaPGClusterInstancesSidecarsEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -9273,9 +9280,7 @@ pub struct PerconaPGClusterInstancesSidecarsEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -9304,9 +9309,7 @@ pub struct PerconaPGClusterInstancesSidecarsEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -9321,9 +9324,7 @@ pub struct PerconaPGClusterInstancesSidecarsEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -9608,7 +9609,6 @@ pub struct PerconaPGClusterInstancesSidecarsLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9759,7 +9759,6 @@ pub struct PerconaPGClusterInstancesSidecarsReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -9831,11 +9830,9 @@ pub struct PerconaPGClusterInstancesSidecarsResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -9858,6 +9855,11 @@ pub struct PerconaPGClusterInstancesSidecarsResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -9891,7 +9893,7 @@ pub struct PerconaPGClusterInstancesSidecarsSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -10014,7 +10016,6 @@ pub struct PerconaPGClusterInstancesSidecarsSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -10126,7 +10127,6 @@ pub struct PerconaPGClusterInstancesSidecarsStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -10211,10 +10211,8 @@ pub struct PerconaPGClusterInstancesSidecarsVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -10222,11 +10220,9 @@ pub struct PerconaPGClusterInstancesSidecarsVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -10321,7 +10317,7 @@ pub struct PerconaPGClusterInstancesTablespaceVolumesDataVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -10491,7 +10487,6 @@ pub struct PerconaPGClusterInstancesTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -10525,7 +10520,6 @@ pub struct PerconaPGClusterInstancesTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -10541,7 +10535,6 @@ pub struct PerconaPGClusterInstancesTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -10552,7 +10545,6 @@ pub struct PerconaPGClusterInstancesTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -10647,10 +10639,8 @@ pub struct PerconaPGClusterInstancesVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -10658,11 +10648,9 @@ pub struct PerconaPGClusterInstancesVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -10746,7 +10734,7 @@ pub struct PerconaPGClusterInstancesWalVolumeClaimSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -10951,10 +10939,9 @@ pub struct PerconaPGClusterPmm { pub resources: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "runtimeClassName")] pub runtime_class_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverHost")] - pub server_host: Option, + pub secret: String, + #[serde(rename = "serverHost")] + pub server_host: String, } /// SecurityContext holds security configuration that will be applied to a container. @@ -10988,7 +10975,7 @@ pub struct PerconaPGClusterPmmContainerSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -11111,7 +11098,6 @@ pub struct PerconaPGClusterPmmContainerSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -11161,11 +11147,9 @@ pub struct PerconaPGClusterPmmResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -11188,6 +11172,11 @@ pub struct PerconaPGClusterPmmResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The specification of a proxy that connects to PostgreSQL. @@ -11485,7 +11474,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -11496,7 +11485,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSched /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -11606,7 +11595,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -11617,7 +11606,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAffinityRequiredDuringSchedu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -11758,7 +11747,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -11769,7 +11758,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringS /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -11879,7 +11868,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -11890,7 +11879,7 @@ pub struct PerconaPGClusterProxyPgBouncerAffinityPodAntiAffinityRequiredDuringSc /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -12012,20 +12001,18 @@ pub struct PerconaPGClusterProxyPgBouncerConfig { pub users: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterProxyPgBouncerConfigFiles { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -12050,14 +12037,11 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFiles { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -12140,9 +12124,7 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFilesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -12241,9 +12223,7 @@ pub struct PerconaPGClusterProxyPgBouncerConfigFilesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -12315,11 +12295,9 @@ pub struct PerconaPGClusterProxyPgBouncerContainersPgbouncerConfigResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -12342,6 +12320,11 @@ pub struct PerconaPGClusterProxyPgBouncerContainersPgbouncerConfigResourcesClaim /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// A secret projection containing a certificate and key with which to encrypt @@ -12364,9 +12347,7 @@ pub struct PerconaPGClusterProxyPgBouncerCustomTlsSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -12442,11 +12423,9 @@ pub struct PerconaPGClusterProxyPgBouncerResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -12469,6 +12448,11 @@ pub struct PerconaPGClusterProxyPgBouncerResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security settings for PGBouncer pods. @@ -12482,12 +12466,10 @@ pub struct PerconaPGClusterProxyPgBouncerSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -12537,15 +12519,24 @@ pub struct PerconaPGClusterProxyPgBouncerSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -12613,7 +12604,6 @@ pub struct PerconaPGClusterProxyPgBouncerSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -12874,9 +12864,7 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -12919,9 +12907,7 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -12950,9 +12936,7 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -12967,9 +12951,7 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -13254,7 +13236,6 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -13405,7 +13386,6 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -13477,11 +13457,9 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -13504,6 +13482,11 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -13537,7 +13520,7 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -13660,7 +13643,6 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -13772,7 +13754,6 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -13857,10 +13838,8 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -13868,11 +13847,9 @@ pub struct PerconaPGClusterProxyPgBouncerSidecarsVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -13935,7 +13912,6 @@ pub struct PerconaPGClusterProxyPgBouncerTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -13969,7 +13945,6 @@ pub struct PerconaPGClusterProxyPgBouncerTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -13985,7 +13960,6 @@ pub struct PerconaPGClusterProxyPgBouncerTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -13996,7 +13970,6 @@ pub struct PerconaPGClusterProxyPgBouncerTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -14111,9 +14084,7 @@ pub struct PerconaPGClusterSecretsCustomReplicationTlsSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -14165,9 +14136,7 @@ pub struct PerconaPGClusterSecretsCustomTlsSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -14267,28 +14236,21 @@ pub struct PerconaPGClusterStatus { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterStatusPgbouncer { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ready: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub size: Option, + pub ready: i32, + pub size: i32, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterStatusPostgres { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub instances: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ready: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub size: Option, + pub instances: Vec, + pub ready: i32, + pub size: i32, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaPGClusterStatusPostgresInstances { pub name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ready: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub size: Option, + pub ready: i32, + pub size: i32, } diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs index e454537cb..adc3c5ef8 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgupgrades.rs @@ -284,7 +284,7 @@ pub struct PerconaPGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -295,7 +295,7 @@ pub struct PerconaPGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -405,7 +405,7 @@ pub struct PerconaPGUpgradeAffinityPodAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -416,7 +416,7 @@ pub struct PerconaPGUpgradeAffinityPodAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -557,7 +557,7 @@ pub struct PerconaPGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -568,7 +568,7 @@ pub struct PerconaPGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnor /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -678,7 +678,7 @@ pub struct PerconaPGUpgradeAffinityPodAntiAffinityRequiredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -689,7 +689,7 @@ pub struct PerconaPGUpgradeAffinityPodAntiAffinityRequiredDuringSchedulingIgnore /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -794,9 +794,7 @@ pub struct PerconaPGUpgradeImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1017,9 +1015,7 @@ pub struct PerconaPGUpgradeInitContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1062,9 +1058,7 @@ pub struct PerconaPGUpgradeInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1093,9 +1087,7 @@ pub struct PerconaPGUpgradeInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1110,9 +1102,7 @@ pub struct PerconaPGUpgradeInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1397,7 +1387,6 @@ pub struct PerconaPGUpgradeInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1548,7 +1537,6 @@ pub struct PerconaPGUpgradeInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1620,11 +1608,9 @@ pub struct PerconaPGUpgradeInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1647,6 +1633,11 @@ pub struct PerconaPGUpgradeInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1680,7 +1671,7 @@ pub struct PerconaPGUpgradeInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -1803,7 +1794,6 @@ pub struct PerconaPGUpgradeInitContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -1915,7 +1905,6 @@ pub struct PerconaPGUpgradeInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2000,10 +1989,8 @@ pub struct PerconaPGUpgradeInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2011,11 +1998,9 @@ pub struct PerconaPGUpgradeInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2046,11 +2031,9 @@ pub struct PerconaPGUpgradeResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -2073,6 +2056,11 @@ pub struct PerconaPGUpgradeResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The pod this Toleration is attached to tolerates any taint that matches @@ -2129,10 +2117,8 @@ pub struct PerconaPGUpgradeVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2140,11 +2126,9 @@ pub struct PerconaPGUpgradeVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, diff --git a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurationrevisions.rs b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurationrevisions.rs index 9f93dcfb2..68de43edd 100644 --- a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurationrevisions.rs +++ b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurationrevisions.rs @@ -62,8 +62,12 @@ pub struct ConfigurationRevisionSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationRevisionPackagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurations.rs b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurations.rs index 2f825f9cd..945cb74b4 100644 --- a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurations.rs +++ b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/configurations.rs @@ -64,8 +64,12 @@ pub struct ConfigurationSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationPackagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providerrevisions.rs b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providerrevisions.rs index a52639ca4..c638fc040 100644 --- a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providerrevisions.rs +++ b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providerrevisions.rs @@ -88,8 +88,12 @@ pub struct ProviderRevisionControllerConfigRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProviderRevisionPackagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providers.rs b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providers.rs index 2e103e402..2bb7fee4d 100644 --- a/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providers.rs +++ b/kube-custom-resources-rs/src/pkg_crossplane_io/v1/providers.rs @@ -82,8 +82,12 @@ pub struct ProviderControllerConfigRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProviderPackagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/pkg_crossplane_io/v1alpha1/controllerconfigs.rs b/kube-custom-resources-rs/src/pkg_crossplane_io/v1alpha1/controllerconfigs.rs index 260d7e0a1..2a05b5349 100644 --- a/kube-custom-resources-rs/src/pkg_crossplane_io/v1alpha1/controllerconfigs.rs +++ b/kube-custom-resources-rs/src/pkg_crossplane_io/v1alpha1/controllerconfigs.rs @@ -892,8 +892,12 @@ pub struct ControllerConfigEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -933,8 +937,12 @@ pub struct ControllerConfigEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -960,8 +968,12 @@ pub struct ControllerConfigEnvFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigEnvFromConfigMapRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -973,8 +985,12 @@ pub struct ControllerConfigEnvFromConfigMapRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigEnvFromSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -987,8 +1003,12 @@ pub struct ControllerConfigEnvFromSecretRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1788,8 +1808,12 @@ pub struct ControllerConfigVolumesCephfs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesCephfsSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1824,8 +1848,12 @@ pub struct ControllerConfigVolumesCinder { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesCinderSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1852,8 +1880,12 @@ pub struct ControllerConfigVolumesConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -1917,8 +1949,12 @@ pub struct ControllerConfigVolumesCsi { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesCsiNodePublishSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2374,8 +2410,12 @@ pub struct ControllerConfigVolumesFlexVolume { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesFlexVolumeSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2531,8 +2571,12 @@ pub struct ControllerConfigVolumesIscsi { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesIscsiSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -2740,8 +2784,12 @@ pub struct ControllerConfigVolumesProjectedSourcesConfigMap { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -2837,8 +2885,12 @@ pub struct ControllerConfigVolumesProjectedSourcesSecret { #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -2967,8 +3019,12 @@ pub struct ControllerConfigVolumesRbd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesRbdSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3018,8 +3074,12 @@ pub struct ControllerConfigVolumesScaleIo { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesScaleIoSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3110,8 +3170,12 @@ pub struct ControllerConfigVolumesStorageos { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControllerConfigVolumesStorageosSecretRef { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/scheduling_koordinator_sh/v1alpha1/reservations.rs b/kube-custom-resources-rs/src/scheduling_koordinator_sh/v1alpha1/reservations.rs index ae5e99f50..b633a5d71 100644 --- a/kube-custom-resources-rs/src/scheduling_koordinator_sh/v1alpha1/reservations.rs +++ b/kube-custom-resources-rs/src/scheduling_koordinator_sh/v1alpha1/reservations.rs @@ -40,6 +40,10 @@ pub struct ReservationSpec { /// reservation would be waiting to be available until free resources are sufficient. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preAllocation")] pub pre_allocation: Option, + /// Specifies the reservation's taints. This can be toleranted by the reservation tolerance. + /// Eviction is not supported for NoExecute taints + #[serde(default, skip_serializing_if = "Option::is_none")] + pub taints: Option>, /// Template defines the scheduling requirements (resources, affinities, images, ...) processed by the scheduler just /// like a normal pod. /// If the `template.spec.nodeName` is specified, the scheduler will not choose another node but reserve resources on @@ -176,6 +180,25 @@ pub struct ReservationOwnersObject { pub uid: Option, } +/// The node this Taint is attached to has the "effect" on +/// any pod that does not tolerate the Taint. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ReservationTaints { + /// Required. The effect of the taint on pods + /// that do not tolerate the taint. + /// Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + pub effect: String, + /// Required. The taint key to be applied to a node. + pub key: String, + /// TimeAdded represents the time at which the taint was added. + /// It is only written for NoExecute taints. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeAdded")] + pub time_added: Option, + /// The taint value corresponding to the taint key. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ReservationStatus { /// Resource reserved and allocatable for owners. diff --git a/kube-custom-resources-rs/src/scheduling_volcano_sh/v1beta1/queues.rs b/kube-custom-resources-rs/src/scheduling_volcano_sh/v1beta1/queues.rs index a1551bdbd..6e7db9b71 100644 --- a/kube-custom-resources-rs/src/scheduling_volcano_sh/v1beta1/queues.rs +++ b/kube-custom-resources-rs/src/scheduling_volcano_sh/v1beta1/queues.rs @@ -38,6 +38,9 @@ pub struct QueueSpec { /// Parent define the parent of queue #[serde(default, skip_serializing_if = "Option::is_none")] pub parent: Option, + /// Priority define the priority of queue. Higher values are prioritized for scheduling and considered later during reclamation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, /// Reclaimable indicate whether the queue can be reclaimed by other queue #[serde(default, skip_serializing_if = "Option::is_none")] pub reclaimable: Option, diff --git a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs index 294ac3005..90c40f39a 100644 --- a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs +++ b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs @@ -12,17 +12,42 @@ use self::prelude::*; /// spec defines the desired state of the operator. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "scylla.scylladb.com", version = "v1alpha1", kind = "ScyllaOperatorConfig", plural = "scyllaoperatorconfigs")] +#[kube(status = "ScyllaOperatorConfigStatus")] #[kube(schema = "disabled")] #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ScyllaOperatorConfigSpec { - /// scyllaUtilsImage is a Scylla image used for running scylla utilities. + /// scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scyllaUtilsImage")] pub scylla_utils_image: Option, + /// unsupportedBashToolsImageOverride allows to adjust a generic Bash image with extra tools used by the operator for auxiliary purposes. Setting this field renders your cluster unsupported. Use at your own risk. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unsupportedBashToolsImageOverride")] + pub unsupported_bash_tools_image_override: Option, + /// unsupportedGrafanaImageOverride allows to adjust Grafana image used by the operator for testing, dev or emergencies. Setting this field renders your cluster unsupported. Use at your own risk. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unsupportedGrafanaImageOverride")] + pub unsupported_grafana_image_override: Option, + /// unsupportedPrometheusVersionOverride allows to adjust Prometheus version used by the operator for testing, dev or emergencies. Setting this field renders your cluster unsupported. Use at your own risk. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unsupportedPrometheusVersionOverride")] + pub unsupported_prometheus_version_override: Option, } /// status defines the observed state of the operator. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScyllaOperatorConfigStatus { + /// bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bashToolsImage")] + pub bash_tools_image: Option, + /// grafanaImage is the image used by the operator to create a Grafana instance. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaImage")] + pub grafana_image: Option, + /// observedGeneration is the most recent generation observed for this ScyllaOperatorConfig. It corresponds to the ScyllaOperatorConfig's generation, which is updated on mutation by the API Server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// prometheusVersion is the Prometheus version used by the operator to create a Prometheus instance. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusVersion")] + pub prometheus_version: Option, + /// scyllaDBUtilsImage is the ScyllaDB image used for running ScyllaDB utilities. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scyllaDBUtilsImage")] + pub scylla_db_utils_image: Option, } diff --git a/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs b/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs index 133228c43..9ff628b51 100644 --- a/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs +++ b/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs @@ -101,6 +101,9 @@ pub struct TempoStackHashRingMemberlist { /// Images defines the image for each container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TempoStackImages { + /// JaegerQuery defines the tempo-query container image. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jaegerQuery")] + pub jaeger_query: Option, /// OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant. #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauthProxy")] pub oauth_proxy: Option, @@ -1128,6 +1131,9 @@ pub struct TempoStackTemplateQueryFrontendJaegerQuery { /// ServicesQueryDuration defines how long the services will be available in the services list #[serde(default, skip_serializing_if = "Option::is_none", rename = "servicesQueryDuration")] pub services_query_duration: Option, + /// TempoQuery defines options specific to the Tempoo Query component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tempoQuery")] + pub tempo_query: Option, } /// Authentication defines the options for the oauth proxy used to protect jaeger UI @@ -1283,6 +1289,49 @@ pub struct TempoStackTemplateQueryFrontendJaegerQueryResourcesClaims { pub name: String, } +/// TempoQuery defines options specific to the Tempoo Query component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TempoStackTemplateQueryFrontendJaegerQueryTempoQuery { + /// Resources defines resources for this component, this will override the calculated resources derived from total + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// Resources defines resources for this component, this will override the calculated resources derived from total +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TempoStackTemplateQueryFrontendJaegerQueryTempoQueryResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TempoStackTemplateQueryFrontendJaegerQueryTempoQueryResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// Tenants defines the per-tenant authentication and authorization spec. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct TempoStackTenants { diff --git a/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs b/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs index bf2f1e90a..85d0c52c2 100644 --- a/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs +++ b/kube-custom-resources-rs/src/traefik_io/v1alpha1/traefikservices.rs @@ -41,6 +41,10 @@ pub struct TraefikServiceMirroring { /// Default value is -1, which means unlimited size. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxBodySize")] pub max_body_size: Option, + /// MirrorBody defines whether the body of the request should be mirrored. + /// Default value is true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mirrorBody")] + pub mirror_body: Option, /// Mirrors defines the list of mirrors where Traefik will duplicate the traffic. #[serde(default, skip_serializing_if = "Option::is_none")] pub mirrors: Option>,