diff --git a/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceexports.yaml b/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceexports.yaml index 90f8ba66c..cb03d0543 100644 --- a/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceexports.yaml +++ b/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceexports.yaml 
@@ -154,6 +154,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -278,6 +308,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -417,7 +477,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -664,7 +724,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -829,6 +889,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -968,7 +1058,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1215,7 +1305,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceimports.yaml b/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceimports.yaml index d38d797cb..32672358b 100644 --- a/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceimports.yaml +++ b/crd-catalog/antrea-io/antrea/multicluster.crd.antrea.io/v1alpha1/resourceimports.yaml 
@@ -152,6 +152,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -276,6 +306,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -415,7 +475,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -662,7 +722,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -827,6 +887,36 @@ spec: description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + nodeSelector: + description: Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object podSelector: description: Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. properties: 
@@ -966,7 +1056,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1213,7 +1303,7 @@ spec: type: string type: object nodeSelector: - description: Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + description: Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/backuppolicytemplates.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/backuppolicytemplates.yaml index fd42ba50e..d45328bdf 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/backuppolicytemplates.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/backuppolicytemplates.yaml @@ -47,6 +47,12 @@ spec: description: backupPolicies is a list of backup policy template for the specified componentDefinition. items: properties: + backoffLimit: + description: Specifies the number of retries before marking the backup failed. + format: int32 + maximum: 10.0 + minimum: 0.0 + type: integer backupMethods: description: backupMethods defines the backup methods. items: 
@@ -165,8 +171,23 @@ spec: - names type: object type: array - required: - - clusterVersionRef + componentDef: + description: mapped ComponentDefinition to env value. + items: + properties: + mappingValue: + description: mapping value for the specified ClusterVersion names. + type: string + names: + description: the array of ClusterVersion name which can be mapped to the env value. + items: + type: string + type: array + required: + - mappingValue + - names + type: object + type: array type: object required: - key @@ -406,6 +427,11 @@ spec: maxLength: 22 pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ type: string + componentDefs: + description: componentDef references componentDefinition. Need to comply with IANA Service Naming rule. + items: + type: string + type: array schedules: description: schedule policy for backup. items: @@ -456,13 +482,9 @@ spec: type: object required: - backupMethods - - componentDefRef type: object minItems: 1 type: array - x-kubernetes-list-map-keys: - - componentDefRef - x-kubernetes-list-type: map clusterDefinitionRef: description: clusterDefinitionRef references ClusterDefinition name, this is an immutable attribute. pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml index 354bccf00..eca66e108 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml @@ -975,6 +975,9 @@ spec: default: Unknown description: PodName pod name. type: string + readyWithoutPrimary: + description: Is it required for rsm to have at least one primary pod to be ready. + type: boolean role: properties: accessMode: 
diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml index f1fc144f1..a162319d5 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml @@ -403,6 +403,9 @@ spec: backupName: description: backupName is the name of the backup. type: string + effectiveCommonComponentDef: + description: effectiveCommonComponentDef describes this backup will be restored for all components which refer to common ComponentDefinition. + type: boolean restoreTimeStr: description: restoreTime point in time to restore type: string diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml index c6a13917f..f87a9bf46 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml @@ -499,6 +499,13 @@ spec: description: expiration is when this backup is eligible for garbage collection. 'null' means the Backup will NOT be cleaned except delete manual. format: date-time type: string + extras: + description: extra records the extra info for the backup. + items: + additionalProperties: + type: string + type: object + type: array failureReason: description: failureReason is an error that caused the backup to fail. type: string diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml index c453118d7..bcdea9b02 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml 
@@ -55,6 +55,12 @@ spec: spec: description: RestoreSpec defines the desired state of Restore properties: + backoffLimit: + description: Specifies the number of retries before marking the restore failed. + format: int32 + maximum: 10.0 + minimum: 0.0 + type: integer backup: description: 'backup to be restored. The restore behavior based on the backup type: 1. Full: will be restored the full backup directly. 2. Incremental: will be restored sequentially from the most recent full backup of this incremental backup. 3. Differential: will be restored sequentially from the parent backup of the differential backup. 4. Continuous: will find the most recent full backup at this time point and the continuous backups after it to restore.' properties: diff --git a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml index 15b962a12..3f495ebe5 100644 --- a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml +++ b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml @@ -5557,6 +5557,9 @@ spec: default: Unknown description: PodName pod name. type: string + readyWithoutPrimary: + description: Is it required for rsm to have at least one primary pod to be ready. + type: boolean role: properties: accessMode: diff --git a/crd-catalog/datainfrahq/druid-operator/druid.apache.org/v1alpha1/druids.yaml b/crd-catalog/datainfrahq/druid-operator/druid.apache.org/v1alpha1/druids.yaml index a373d17ed..e6e21713f 100644 --- a/crd-catalog/datainfrahq/druid-operator/druid.apache.org/v1alpha1/druids.yaml +++ b/crd-catalog/datainfrahq/druid-operator/druid.apache.org/v1alpha1/druids.yaml 
@@ -3871,8 +3871,8 @@ spec: type: object type: object type: array - startUpProbes: - description: StartUpProbes + startUpProbe: + description: StartUpProbe properties: exec: description: Exec specifies the action to take. diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index eb4b40a4f..7cba972b8 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml 
@@ -3106,11 +3106,144 @@ spec: type: string awsConnection: properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object bucket: type: string + connection: + description: ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey. + type: string + endpoint: + type: string objectPath: description: glob path to restrict matches to a subset type: string + region: + type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object + skipTLSVerify: + description: Skip TLS verify when connecting to aws + type: boolean usePathStyle: description: 'Use path style path: http://s3.amazonaws.com/BUCKET/KEY instead of http://BUCKET.s3.amazonaws.com/KEY' type: boolean 
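Review bot: The new `skipTLSVerify` property under `awsConnection` is a bare boolean with no `default`, and its description does not say what is given up. I would spell it out, for example `description: Skip TLS certificate verification when connecting to AWS; the server identity is then not checked, so keep this false outside test setups`. The `accessKey`, `secretKey` and `sessionToken` objects added in the same hunk also accept a literal `value` alongside `valueFrom.secretKeyRef`, so a credential can sit in plain text in the Canary object and be read by anyone who can read that resource. A description on `value` that steers users to `secretKeyRef` would help. The same fields are added for the `s3` check in the hunks at -6210 and -6259. This file appears to be a catalogued copy of the upstream CRD, so the wording change probably belongs upstream rather than here.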
@@ -6210,13 +6343,59 @@ spec: s3: items: properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object bucket: type: string bucketName: type: string + connection: + description: ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey. + type: string description: description: Description for the check type: string + endpoint: + type: string icon: description: Icon for overwriting default icon on the dashboard type: string 
@@ -6259,6 +6438,93 @@ spec: objectPath: description: glob path to restrict matches to a subset type: string + region: + type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression used to fetch the key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies the service account whose token should be fetched + type: string + type: object + type: object + skipTLSVerify: + description: Skip TLS verify when connecting to aws + type: boolean transformDeleteStrategy: description: Transformed checks have a delete strategy on deletion they can either be marked healthy, unhealthy or left as is type: string diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml index 42cd47a74..deabf1b5d 100644 
--- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml @@ -40,7 +40,12 @@ spec: configs: description: Lookup and associate config items with this component items: + description: ConfigQuery is used to look up and associate config items with a component. properties: + class: + type: string + external_id: + type: string id: items: type: string @@ -114,6 +119,10 @@ spec: config: description: Lookup a config by it properties: + class: + type: string + external_id: + type: string id: items: type: string @@ -239,6 +248,10 @@ spec: type: array summary: properties: + checks: + additionalProperties: + type: integer + type: object healthy: type: integer incidents: diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml index b6ca64d1b..481925d14 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml @@ -57,7 +57,12 @@ spec: configs: description: Lookup and associate config items with this component items: + description: ConfigQuery is used to look up and associate config items with a component. properties: + class: + type: string + external_id: + type: string id: items: type: string @@ -131,6 +136,10 @@ spec: config: description: Lookup a config by it properties: + class: + type: string + external_id: + type: string id: items: type: string @@ -256,6 +265,10 @@ spec: type: array summary: properties: + checks: + additionalProperties: + type: integer + type: object healthy: type: integer incidents: 
@@ -287,7 +300,12 @@ spec: configs: description: Lookup and associate config items with this component items: + description: ConfigQuery is used to look up and associate config items with a component. properties: + class: + type: string + external_id: + type: string id: items: type: string @@ -332,6 +350,10 @@ spec: config: description: Lookup a config by it properties: + class: + type: string + external_id: + type: string id: items: type: string diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml index d42dda1fd..9b1c5d55b 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml @@ -267,6 +267,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -335,6 +345,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -401,6 +421,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: 
@@ -469,6 +499,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -648,6 +688,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -698,6 +746,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1292,6 +1348,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1342,6 +1406,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1943,6 +2015,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1993,6 +2073,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2845,18 +2933,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2900,6 +2976,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: 
@@ -3088,6 +3166,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/crd-catalog/koordinator-sh/koordinator/config.koordinator.sh/v1alpha1/clustercolocationprofiles.yaml b/crd-catalog/koordinator-sh/koordinator/config.koordinator.sh/v1alpha1/clustercolocationprofiles.yaml index 7d25d647c..4539dcee8 100644 --- a/crd-catalog/koordinator-sh/koordinator/config.koordinator.sh/v1alpha1/clustercolocationprofiles.yaml +++ b/crd-catalog/koordinator-sh/koordinator/config.koordinator.sh/v1alpha1/clustercolocationprofiles.yaml @@ -29,6 +29,11 @@ spec: spec: description: ClusterColocationProfileSpec is a description of a ClusterColocationProfile. properties: + annotationKeysMapping: + additionalProperties: + type: string + description: AnnotationKeysMapping describes the annotations that needs to inject into Pod.Annotations with the same values. It sets the Pod.Annotations[AnnotationsToAnnotations[k]] = Pod.Annotations[k] for each key k. + type: object annotations: additionalProperties: type: string 
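Review bot: The `annotationKeysMapping` description refers to `AnnotationsToAnnotations[k]`, a name that is not a field of this schema, so the text never says that the copy target is the value stored under `annotationKeysMapping[k]`; the `labelKeysMapping` hunk that follows has the same mismatch with `LabelsToLabels[k]`. A clearer wording would be `For each key k, sets Pod.Annotations[annotationKeysMapping[k]] = Pod.Annotations[k].`, and the equivalent for labels. The schema puts no constraint on the target keys (`additionalProperties` of `type: string`), so a profile can presumably write to labels or annotations that selectors and admission policy depend on; create and update rights on ClusterColocationProfile should be scoped with that in mind. The descriptions look generated, so the wording fix belongs in the upstream type comments rather than in this copy.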
@@ -38,6 +43,11 @@ spec: description: KoordinatorPriority defines the Pod sub-priority in Koordinator. The priority value will be injected into Pod as label koordinator.sh/priority. Various Koordinator components determine the priority of the Pod in the Koordinator through KoordinatorPriority and the priority value in PriorityClassName. The higher the value, the higher the priority. format: int32 type: integer + labelKeysMapping: + additionalProperties: + type: string + description: LabelKeysMapping describes the labels that needs to inject into Pod.Labels with the same values. It sets the Pod.Labels[LabelsToLabels[k]] = Pod.Labels[k] for each key k. + type: object labels: additionalProperties: type: string diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 2d196c054..5ccfc26ac 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml @@ -2141,6 +2141,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object @@ -4774,6 +4782,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object 
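Review bot: Nothing in the schema ties the new `values` property to `restrictedField`: both are optional and `required` still lists only `controlName`, so an exclusion that sets `values` alone passes this validation. Since an unset `restrictedField` is documented as selecting every restricted field of the control, it is unclear what `values` narrows in that case, and whether the admission controller rejects the combination cannot be seen from this hunk. The description could state the dependency, for example `Values defines the allowed values that can be excluded; it applies to the field named in restrictedField.`, adjusted to what the controller enforces. The same addition repeats at `@@ -4774,6 +4782,14 @@` in this file and in both hunks of `kyverno.io/v1/policies.yaml`. Each entry relaxes a Pod Security Standard check, so policies that use it without `restrictedField` merit a closer look in review.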
diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index f0d4a8059..c8431dc72 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml @@ -2141,6 +2141,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object @@ -4774,6 +4782,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/admissionreports.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/admissionreports.yaml new file mode 100644 index 000000000..c0a3502ae --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/admissionreports.yaml 
@@ -0,0 +1,244 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: admissionreports.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: AdmissionReport + listKind: AdmissionReportList + plural: admissionreports + shortNames: + - admr + singular: admissionreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v2 + schema: + openAPIV3Schema: + description: AdmissionReport is the Schema for the AdmissionReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes resources + items: + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 
\n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: false + subresources: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/backgroundscanreports.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/backgroundscanreports.yaml new file mode 100644 index 000000000..aa0849981 --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/backgroundscanreports.yaml 
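Review bot: Several descriptions in the `results` items name a different field than the property they document: `message` is described as `Description is a short user friendly message ...`, `resourceSelector` as `SubjectSelector ...`, and `resources` as `Subjects ...`. Anyone reading the rendered API docs, or bindings generated from this schema, gets names that do not exist on the object. The descriptions should start with the property name, e.g. `Message is a short user friendly message for the policy rule`; `backgroundscanreports.yaml` in the next hunk carries the same text. The file appears to be controller-gen output (see the `controller-gen.kubebuilder.io/version` annotation), so the correction would go into the upstream Go comments.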
@@ -0,0 +1,217 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: backgroundscanreports.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: BackgroundScanReport + listKind: BackgroundScanReportList + plural: backgroundscanreports + shortNames: + - bgscanr + singular: backgroundscanreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v2 + schema: + openAPIV3Schema: + description: BackgroundScanReport is the Schema for the BackgroundScanReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes resources + items: + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 
\n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml new file mode 100644 index 000000000..340a22f16 --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml 
@@ -0,0 +1,859 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: cleanuppolicies.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: CleanupPolicy + listKind: CleanupPolicyList + plural: cleanuppolicies + shortNames: + - cleanpol + singular: cleanuppolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: CleanupPolicy defines a rule for resource cleanup. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec declares policy behaviors. + properties: + conditions: + description: Conditions defines the conditions used to select the resources which will be cleaned up. + properties: + all: + description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass. + items: + properties: + key: + description: Key is the context entry (using JMESPath) for conditional rule evaluation. 
+ x-kubernetes-preserve-unknown-fields: true + message: + description: Message is an optional display message + type: string + operator: + description: 'Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan' + enum: + - Equals + - NotEquals + - AnyIn + - AllIn + - AnyNotIn + - AllNotIn + - GreaterThanOrEquals + - GreaterThan + - LessThanOrEquals + - LessThan + - DurationGreaterThanOrEquals + - DurationGreaterThan + - DurationLessThanOrEquals + - DurationLessThan + type: string + value: + description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + any: + description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass. + items: + properties: + key: + description: Key is the context entry (using JMESPath) for conditional rule evaluation. + x-kubernetes-preserve-unknown-fields: true + message: + description: Message is an optional display message + type: string + operator: + description: 'Operator is the conditional operation to perform. 
Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan' + enum: + - Equals + - NotEquals + - AnyIn + - AllIn + - AnyNotIn + - AllNotIn + - GreaterThanOrEquals + - GreaterThan + - LessThanOrEquals + - LessThan + - DurationGreaterThanOrEquals + - DurationGreaterThan + - DurationLessThanOrEquals + - DurationLessThan + type: string + value: + description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + type: object + context: + description: Context defines variables and data sources that can be used during rule execution. + items: + description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided. + properties: + apiCall: + description: APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. + properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array + jmesPath: + description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the server. For example a JMESPath of "items | length(@)" applied to the API server response for the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces. 
+ type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string + service: + description: Service is an API call to a JSON web service + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. + type: string + url: + description: URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. + type: string + required: + - url + type: object + urlPath: + description: URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. + type: string + type: object + configMap: + description: ConfigMap is the ConfigMap reference. + properties: + name: + description: Name is the ConfigMap name. + type: string + namespace: + description: Namespace is the ConfigMap namespace. + type: string + required: + - name + type: object + imageRegistry: + description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. + properties: + imageRegistryCredentials: + description: ImageRegistryCredentials provides credentials that will be used for authentication with registry + properties: + allowInsecureRegistry: + description: AllowInsecureRegistry allows insecure access to a registry. + type: boolean + providers: + description: 'Providers specifies a list of OCI Registry names, whose authentication providers are provided. It can be of one of these values: default,google,azure,amazon,github.' + items: + description: ImageRegistryCredentialsProvidersType provides the list of credential providers required. 
+ enum: + - default + - amazon + - azure + - google + - github + type: string + type: array + secrets: + description: Secrets specifies a list of secrets that are provided for credentials. Secrets must live in the Kyverno namespace. + items: + type: string + type: array + type: object + jmesPath: + description: JMESPath is an optional JSON Match Expression that can be used to transform the ImageData struct returned as a result of processing the image reference. + type: string + reference: + description: 'Reference is image reference to a container image in the registry. Example: ghcr.io/kyverno/kyverno:latest' + type: string + required: + - reference + type: object + name: + description: Name is the variable name. + type: string + variable: + description: Variable defines an arbitrary JMESPath context variable that can be defined inline. + properties: + default: + description: Default is an optional arbitrary JSON object that the variable may take if the JMESPath expression evaluates to nil + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: JMESPath is an optional JMESPath Expression that can be used to transform the variable. + type: string + value: + description: Value is any arbitrary JSON object representable in YAML or JSON form. + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: array + exclude: + description: ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. + properties: + all: + description: All allows specifying resources which will be ANDed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. 
+ items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". 
If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + any: + description: Any allows specifying resources which will be ORed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. 
Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. 
+ items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. 
+ items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + type: object + match: + description: MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. + properties: + all: + description: All allows specifying resources which will be ANDed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. 
If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + any: + description: Any allows specifying resources which will be ORed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. 
Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. 
This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + type: object + schedule: + description: The schedule in Cron format + type: string + required: + - schedule + type: object + status: + description: Status contains policy runtime data. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. 
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0.0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastExecutionTime: + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusteradmissionreports.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusteradmissionreports.yaml new file mode 100644 index 000000000..460fdeed9 --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusteradmissionreports.yaml 
@@ -0,0 +1,244 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusteradmissionreports.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: ClusterAdmissionReport + listKind: ClusterAdmissionReportList + plural: clusteradmissionreports + shortNames: + - cadmr + singular: clusteradmissionreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.summary.pass + name: PASS + type: integer + - jsonPath: .spec.summary.fail + name: FAIL + type: integer + - jsonPath: .spec.summary.warn + name: WARN + type: integer + - jsonPath: .spec.summary.error + name: ERROR + type: integer + - jsonPath: .spec.summary.skip + name: SKIP + type: integer + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr'] + name: GVR + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name'] + name: REF + type: string + - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate'] + name: AGGREGATE + priority: 1 + type: string + name: v2 + schema: + openAPIV3Schema: + description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + owner: + description: Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes resources + items: + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 
\n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose requirements were not met + type: integer + type: object + required: + - owner + type: object + required: + - spec + type: object + served: true + storage: false + subresources: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusterbackgroundscanreports.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusterbackgroundscanreports.yaml new file mode 100644 index 000000000..b837f055f --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clusterbackgroundscanreports.yaml 
@@ -0,0 +1,217 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clusterbackgroundscanreports.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: ClusterBackgroundScanReport + listKind: ClusterBackgroundScanReportList + plural: clusterbackgroundscanreports + shortNames: + - cbgscanr + singular: clusterbackgroundscanreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[0].apiVersion + name: ApiVersion + type: string + - jsonPath: .metadata.ownerReferences[0].kind + name: Kind + type: string + - jsonPath: .metadata.ownerReferences[0].name + name: Subject + type: string + - jsonPath: .spec.summary.pass + name: Pass + type: integer + - jsonPath: .spec.summary.fail + name: Fail + type: integer + - jsonPath: .spec.summary.warn + name: Warn + type: integer + - jsonPath: .spec.summary.error + name: Error + type: integer + - jsonPath: .spec.summary.skip + name: Skip + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash'] + name: Hash + priority: 1 + type: string + name: v2 + schema: + openAPIV3Schema: + description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + results: + description: PolicyReportResult provides result details + items: + description: PolicyReportResult provides the result for an individual policy + properties: + category: + description: Category indicates policy category + type: string + message: + description: Description is a short user friendly message for the policy rule + type: string + policy: + description: Policy is the name or identifier of the policy + type: string + properties: + additionalProperties: + type: string + description: Properties provides additional information for the policy rule + type: object + resourceSelector: + description: SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Subjects is an optional reference to the checked Kubernetes resources + items: + description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. 
\n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + result: + description: Result indicates the outcome of the policy rule execution + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule is the name or identifier of the rule within the policy + type: string + scored: + description: Scored indicates if this result is scored + type: boolean + severity: + description: Severity indicates policy check result criticality + enum: + - critical + - high + - low + - medium + - info + type: string + source: + description: Source is an identifier for the policy engine that manages this report + type: string + timestamp: + description: Timestamp indicates the time the result was found + properties: + nanos: + description: Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + format: int32 + type: integer + seconds: + description: Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. 
+ format: int64 + type: integer + required: + - nanos + - seconds + type: object + required: + - policy + type: object + type: array + summary: + description: PolicyReportSummary provides a summary of results + properties: + error: + description: Error provides the count of policies that could not be evaluated + type: integer + fail: + description: Fail provides the count of policies whose requirements were not met + type: integer + pass: + description: Pass provides the count of policies whose requirements were met + type: integer + skip: + description: Skip indicates the count of policies that were not selected for evaluation + type: integer + warn: + description: Warn provides the count of non-scored policies whose requirements were not met + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml new file mode 100644 index 000000000..1ec713882 --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml 
@@ -0,0 +1,859 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: clustercleanuppolicies.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: ClusterCleanupPolicy + listKind: ClusterCleanupPolicyList + plural: clustercleanuppolicies + shortNames: + - ccleanpol + singular: clustercleanuppolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: ClusterCleanupPolicy defines rule for resource cleanup. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec declares policy behaviors. + properties: + conditions: + description: Conditions defines the conditions used to select the resources which will be cleaned up. + properties: + all: + description: AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass. 
+ items: + properties: + key: + description: Key is the context entry (using JMESPath) for conditional rule evaluation. + x-kubernetes-preserve-unknown-fields: true + message: + description: Message is an optional display message + type: string + operator: + description: 'Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan' + enum: + - Equals + - NotEquals + - AnyIn + - AllIn + - AnyNotIn + - AllNotIn + - GreaterThanOrEquals + - GreaterThan + - LessThanOrEquals + - LessThan + - DurationGreaterThanOrEquals + - DurationGreaterThan + - DurationLessThanOrEquals + - DurationLessThan + type: string + value: + description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + any: + description: AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass. + items: + properties: + key: + description: Key is the context entry (using JMESPath) for conditional rule evaluation. + x-kubernetes-preserve-unknown-fields: true + message: + description: Message is an optional display message + type: string + operator: + description: 'Operator is the conditional operation to perform. 
Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan' + enum: + - Equals + - NotEquals + - AnyIn + - AllIn + - AnyNotIn + - AllNotIn + - GreaterThanOrEquals + - GreaterThan + - LessThanOrEquals + - LessThan + - DurationGreaterThanOrEquals + - DurationGreaterThan + - DurationLessThanOrEquals + - DurationLessThan + type: string + value: + description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + type: object + context: + description: Context defines variables and data sources that can be used during rule execution. + items: + description: ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided. + properties: + apiCall: + description: APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. + properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array + jmesPath: + description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the server. For example a JMESPath of "items | length(@)" applied to the API server response for the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces. 
+ type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string + service: + description: Service is an API call to a JSON web service + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. + type: string + url: + description: URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. + type: string + required: + - url + type: object + urlPath: + description: URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. + type: string + type: object + configMap: + description: ConfigMap is the ConfigMap reference. + properties: + name: + description: Name is the ConfigMap name. + type: string + namespace: + description: Namespace is the ConfigMap namespace. + type: string + required: + - name + type: object + imageRegistry: + description: ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. + properties: + imageRegistryCredentials: + description: ImageRegistryCredentials provides credentials that will be used for authentication with registry + properties: + allowInsecureRegistry: + description: AllowInsecureRegistry allows insecure access to a registry. + type: boolean + providers: + description: 'Providers specifies a list of OCI Registry names, whose authentication providers are provided. It can be of one of these values: default,google,azure,amazon,github.' + items: + description: ImageRegistryCredentialsProvidersType provides the list of credential providers required. 
+ enum: + - default + - amazon + - azure + - google + - github + type: string + type: array + secrets: + description: Secrets specifies a list of secrets that are provided for credentials. Secrets must live in the Kyverno namespace. + items: + type: string + type: array + type: object + jmesPath: + description: JMESPath is an optional JSON Match Expression that can be used to transform the ImageData struct returned as a result of processing the image reference. + type: string + reference: + description: 'Reference is image reference to a container image in the registry. Example: ghcr.io/kyverno/kyverno:latest' + type: string + required: + - reference + type: object + name: + description: Name is the variable name. + type: string + variable: + description: Variable defines an arbitrary JMESPath context variable that can be defined inline. + properties: + default: + description: Default is an optional arbitrary JSON object that the variable may take if the JMESPath expression evaluates to nil + x-kubernetes-preserve-unknown-fields: true + jmesPath: + description: JMESPath is an optional JMESPath Expression that can be used to transform the variable. + type: string + value: + description: Value is any arbitrary JSON object representable in YAML or JSON form. + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: array + exclude: + description: ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. + properties: + all: + description: All allows specifying resources which will be ANDed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. 
+ items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". 
If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + any: + description: Any allows specifying resources which will be ORed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. 
Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. 
+ items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. 
+ items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + type: object + match: + description: MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. + properties: + all: + description: All allows specifying resources which will be ANDed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. 
If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + any: + description: Any allows specifying resources which will be ORed + items: + description: ResourceFilter allow users to "AND" or "OR" between resources + properties: + clusterRoles: + description: ClusterRoles is the list of cluster-wide role names for the user. + items: + type: string + type: array + resources: + description: ResourceDescription contains information about the resource being created or modified. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + type: object + kinds: + description: Kinds is a list of resource kinds. + items: + type: string + type: array + name: + description: 'Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + type: string + names: + description: Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + namespaceSelector: + description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + items: + type: string + type: array + operations: + description: Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + items: + description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action. + enum: + - CREATE + - CONNECT + - UPDATE + - DELETE + type: string + type: array + selector: + description: 'Selector is a label selector. 
Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + roles: + description: Roles is the list of namespaced role names for the user. + items: + type: string + type: array + subjects: + description: Subjects is the list of subject names like users, user groups, and service accounts. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. 
This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: array + type: object + schedule: + description: The schedule in Cron format + type: string + required: + - schedule + type: object + status: + description: Status contains policy runtime data. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. 
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0.0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastExecutionTime: + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml index 798dcd6dd..7055af454 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/policyexceptions.yaml @@ -416,4 +416,4 @@ spec: - spec type: object served: true - storage: true + storage: false diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml new file mode 100644 index 000000000..78ecaab85 --- /dev/null +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml 
@@ -0,0 +1,313 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: updaterequests.kyverno.io +spec: + group: kyverno.io + names: + categories: + - kyverno + kind: UpdateRequest + listKind: UpdateRequestList + plural: updaterequests + shortNames: + - ur + singular: updaterequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy + name: Policy + type: string + - jsonPath: .spec.requestType + name: RuleType + type: string + - jsonPath: .spec.resource.kind + name: ResourceKind + type: string + - jsonPath: .spec.resource.name + name: ResourceName + type: string + - jsonPath: .spec.resource.namespace + name: ResourceNamespace + type: string + - jsonPath: .status.state + name: status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: UpdateRequest is a request to process mutate and generate rules in background. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceSpec is the information to identify the trigger resource. + properties: + context: + description: Context ... 
+ properties: + admissionRequestInfo: + description: AdmissionRequestInfoObject stores the admission request and operation details + properties: + admissionRequest: + description: AdmissionRequest describes the admission.Attributes for the admission request. + properties: + dryRun: + description: DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. + type: boolean + kind: + description: Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) + properties: + group: + type: string + kind: + type: string + version: + type: string + required: + - group + - kind + - version + type: object + name: + description: Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string. + type: string + namespace: + description: Namespace is the namespace associated with the request (if any). + type: string + object: + description: Object is the object from the incoming request. + type: object + x-kubernetes-preserve-unknown-fields: true + oldObject: + description: OldObject is the existing object. Only populated for DELETE and UPDATE requests. + type: object + x-kubernetes-preserve-unknown-fields: true + operation: + description: Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation. + type: string + options: + description: Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + requestKind: + description: "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed. \n For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for), and `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request). \n See documentation for the \"matchPolicy\" field in the webhook configuration type for more details." + properties: + group: + type: string + kind: + type: string + version: + type: string + required: + - group + - kind + - version + type: object + requestResource: + description: "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed. \n For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for), and `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request). 
\n See documentation for the \"matchPolicy\" field in the webhook configuration type." + properties: + group: + type: string + resource: + type: string + version: + type: string + required: + - group + - resource + - version + type: object + requestSubResource: + description: RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. See documentation for the "matchPolicy" field in the webhook configuration type. + type: string + resource: + description: Resource is the fully-qualified resource being requested (for example, v1.pods) + properties: + group: + type: string + resource: + type: string + version: + type: string + required: + - group + - resource + - version + type: object + subResource: + description: SubResource is the subresource being requested, if any (for example, "status" or "scale") + type: string + uid: + description: UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. + type: string + userInfo: + description: UserInfo is information about the requesting user + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: + type: string + type: array + description: Any additional information provided by the authenticator. + type: object + groups: + description: The names of groups this user is a part of. + items: + type: string + type: array + uid: + description: A unique value that identifies this user across time. 
If this user is deleted and another user by the same name is added, they will have different UIDs. + type: string + username: + description: The name that uniquely identifies this user among all active users. + type: string + type: object + required: + - kind + - operation + - resource + - uid + - userInfo + type: object + operation: + description: Operation is the type of resource operation being checked for admission control + type: string + type: object + userInfo: + description: RequestInfo contains permission info carried in an admission request. + properties: + clusterRoles: + description: ClusterRoles is a list of possible clusterRoles send the request. + items: + type: string + nullable: true + type: array + roles: + description: Roles is a list of possible role send the request. + items: + type: string + nullable: true + type: array + userInfo: + description: UserInfo is the userInfo carried in the admission request. + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: + type: string + type: array + description: Any additional information provided by the authenticator. + type: object + groups: + description: The names of groups this user is a part of. + items: + type: string + type: array + uid: + description: A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. + type: string + username: + description: The name that uniquely identifies this user among all active users. + type: string + type: object + type: object + type: object + deleteDownstream: + description: DeleteDownstream represents whether the downstream needs to be deleted. + type: boolean + policy: + description: Specifies the name of the policy. 
+ type: string + requestType: + description: Type represents request type for background processing + enum: + - mutate + - generate + type: string + resource: + description: ResourceSpec is the information to identify the trigger resource. + properties: + apiVersion: + description: APIVersion specifies resource apiVersion. + type: string + kind: + description: Kind specifies resource kind. + type: string + name: + description: Name specifies the resource name. + type: string + namespace: + description: Namespace specifies resource namespace. + type: string + uid: + description: UID specifies the resource uid. + type: string + type: object + rule: + description: Rule is the associate rule name of the current UR. + type: string + synchronize: + description: Synchronize represents the sync behavior of the corresponding rule Optional. Defaults to "false" if not specified. + type: boolean + required: + - context + - deleteDownstream + - policy + - resource + - rule + type: object + status: + description: Status contains statistics related to update request. + properties: + generatedResources: + description: This will track the resources that are updated by the generate Policy. Will be used during clean up resources. + items: + properties: + apiVersion: + description: APIVersion specifies resource apiVersion. + type: string + kind: + description: Kind specifies resource kind. + type: string + name: + description: Name specifies the resource name. + type: string + namespace: + description: Namespace specifies resource namespace. + type: string + uid: + description: UID specifies the resource uid. + type: string + type: object + type: array + message: + description: Specifies request status message. + type: string + retryCount: + type: integer + state: + description: State represents state of the update request. + type: string + required: + - state + type: object + type: object + served: true + storage: false + subresources: + status: {} 
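Review bot: The `spec.context` description in the new UpdateRequest schema is only the placeholder `Context ...`, so nothing tells a reader that this field embeds the whole admission request. `admissionRequest.object` and `oldObject` are both `x-kubernetes-preserve-unknown-fields: true`, and `userInfo` carries username, groups and `extra`. A stored UpdateRequest can therefore hold a copy of whatever resource triggered the rule, together with the requester's identity, which means read access to `updaterequests` deserves the same care as access to the resources being admitted. I would replace the placeholder with `description: Context holds the admission request and requester identity that triggered this UpdateRequest; it may contain a copy of the admitted object.` If this file is a verbatim copy of the upstream CRD, the wording change belongs upstream.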
diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/cleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/cleanuppolicies.yaml index 838d0ffd4..f58d043b1 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/cleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/cleanuppolicies.yaml @@ -24,7 +24,6 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - deprecated: true name: v2alpha1 schema: openAPIV3Schema: @@ -854,7 +853,7 @@ spec: required: - spec type: object - served: true + served: false storage: false subresources: status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/clustercleanuppolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/clustercleanuppolicies.yaml index ec3ae436e..515bfd0d7 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/clustercleanuppolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2alpha1/clustercleanuppolicies.yaml @@ -24,7 +24,6 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - deprecated: true name: v2alpha1 schema: openAPIV3Schema: @@ -854,7 +853,7 @@ spec: required: - spec type: object - served: true + served: false storage: false subresources: status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index 0a4067b7b..34be188ad 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml @@ -2009,6 +2009,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object 
@@ -4617,6 +4625,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index 8cfe86f17..1718e2efd 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml @@ -2009,6 +2009,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object @@ -4617,6 +4625,14 @@ spec: items: type: string type: array + restrictedField: + description: RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + type: string + values: + description: Values defines the allowed values that can be excluded. + items: + type: string + type: array required: - controlName type: object diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml index 112527f3d..a17ea6b39 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policyexceptions.yaml 
@@ -17,8 +17,7 @@ spec: singular: policyexception scope: Namespaced versions: - - deprecated: true - name: v2beta1 + - name: v2beta1 schema: openAPIV3Schema: description: PolicyException declares resources to be excluded from specified policies. @@ -417,4 +416,4 @@ spec: - spec type: object served: true - storage: false + storage: true diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/engines.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/engines.yaml index 7cd604a47..f489fea4f 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/engines.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/engines.yaml @@ -21,6 +21,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The data engine of the engine + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The current state of the engine jsonPath: .status.currentState name: State @@ -59,12 +63,15 @@ spec: active: type: boolean backendStoreDriver: + description: Deprecated. + type: string + backupVolume: + type: string + dataEngine: enum: - v1 - v2 type: string - backupVolume: - type: string desireState: type: string disableFrontend: diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml index aad1c2dee..27751c12a 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/instancemanagers.yaml @@ -21,6 +21,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The data engine of the instance manager + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The state of the instance manager jsonPath: .status.currentState name: State 
@@ -52,6 +56,11 @@ spec: spec: description: InstanceManagerSpec defines the desired state of the Longhorn instancer manager properties: + backendStoreDriver: + description: Deprecated. + type: string + dataEngine: + type: string image: type: string nodeID: @@ -78,12 +87,19 @@ spec: spec: properties: backendStoreDriver: + description: Deprecated. + type: string + dataEngine: type: string name: type: string type: object status: properties: + conditions: + additionalProperties: + type: boolean + type: object endpoint: type: string errorMsg: @@ -113,12 +129,19 @@ spec: spec: properties: backendStoreDriver: + description: Deprecated. + type: string + dataEngine: type: string name: type: string type: object status: properties: + conditions: + additionalProperties: + type: boolean + type: object endpoint: type: string errorMsg: @@ -154,6 +177,10 @@ spec: type: object status: properties: + conditions: + additionalProperties: + type: boolean + type: object endpoint: type: string errorMsg: diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/nodes.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/nodes.yaml index 09a3ddc30..ffb05fc38 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/nodes.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/nodes.yaml @@ -66,6 +66,7 @@ spec: description: NodeSpec defines the desired state of the Longhorn node properties: allowScheduling: + description: Allow scheduling replicas on the node. type: boolean disks: additionalProperties: @@ -161,6 +162,8 @@ spec: type: string diskUUID: type: string + filesystemType: + type: string scheduledReplica: additionalProperties: format: int64 
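Review bot: In instancemanagers.yaml, `dataEngine` is added as a bare `type: string` in the instance manager spec (hunk -52,6 +56,11) and in the instance `spec` blocks (hunks -78,12 and -113,12). The same field in engines.yaml, replicas.yaml and volumes.yaml is restricted to `enum:` `- v1` `- v2`. If the accepted values are the same here, adding that enum would let the API server reject unexpected values instead of leaving it to the controller. In those other files `backendStoreDriver` also loses its enum when it becomes `Deprecated.`, so it now accepts any string. The schema looks generated, so the change probably has to be made on the source types.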
@@ -177,19 +180,21 @@ spec: format: int64 type: integer type: object + description: The status of the disks on the node. nullable: true type: object region: + description: The Region of the node. type: string snapshotCheckStatus: + description: The status of the snapshot integrity check. properties: lastPeriodicCheckedAt: format: date-time type: string - snapshotCheckState: - type: string type: object zone: + description: The Zone of the node. type: string type: object type: object diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/replicas.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/replicas.yaml index 0014826cf..787eee869 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/replicas.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/replicas.yaml @@ -21,6 +21,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The data engine of the replica + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The current state of the replica jsonPath: .status.currentState name: State @@ -63,14 +67,17 @@ spec: active: type: boolean backendStoreDriver: - enum: - - v1 - - v2 + description: Deprecated. type: string backingImage: type: string dataDirectoryName: type: string + dataEngine: + enum: + - v1 + - v2 + type: string desireState: type: string diskID: diff --git a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml index 9115b18c7..8ebca2d03 100644 --- a/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml +++ b/crd-catalog/longhorn/longhorn/longhorn.io/v1beta2/volumes.yaml @@ -34,6 +34,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The data engine of the volume + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The state of the volume jsonPath: .status.state name: State 
@@ -81,9 +85,7 @@ spec: - rwx type: string backendStoreDriver: - enum: - - v1 - - v2 + description: Deprecated. type: string backingImage: type: string @@ -93,6 +95,11 @@ spec: - lz4 - gzip type: string + dataEngine: + enum: + - v1 + - v2 + type: string dataLocality: enum: - disabled diff --git a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/backups.yaml b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/backups.yaml index a1c3c91be..e742347f2 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/backups.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/backups.yaml @@ -522,10 +522,13 @@ spec: type: string type: array backoffLimit: - default: 5 description: BackoffLimit defines the maximum number of attempts to successfully take a Backup. format: int32 type: integer + logLevel: + default: info + description: LogLevel to be used n the Backup Job. It defaults to 'info'. + type: string mariaDbRef: description: MariaDBRef is a reference to a MariaDB object. properties: @@ -556,11 +559,9 @@ spec: type: boolean type: object x-kubernetes-map-type: atomic - maxRetentionDays: - default: 30 - description: MaxRetentionDays defined the maximum age that Backups should have. Old backup will be cleaned up by the Backup Job. - format: int32 - type: integer + maxRetention: + description: MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job. It defaults to 30 days. + type: string nodeSelector: additionalProperties: type: string 
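Review bot: In backups.yaml (hunk -556,11 +559,9), the new `maxRetention` description says "It defaults to 30 days", but the field has no `default:`, `format` or `pattern`, unlike the `maxRetentionDays` integer it replaces. The schema therefore neither applies the default nor says what string is accepted. Presumably the operator parses a duration and fills in the default itself; if so, a value it cannot parse would only surface at reconcile time, not at admission. The description should name the accepted syntax and unit, and say that the default is applied by the operator. The same holds for `backoffLimit` in hunk -522,10 +522,13, whose `default: 5` is removed, and the `logLevel` description there has a typo (`n the Backup Job` should be `in the Backup Job`).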
@@ -749,6 +750,95 @@ spec: description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object + s3: + description: S3 defines the configuration to store backups in a S3 compatible storage. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish TLS connections with S3. + properties: + caSecretKeyRef: + description: CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object volume: description: Volume is a Kubernetes volume specification. properties: diff --git a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/mariadbs.yaml b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/mariadbs.yaml index 4db0cfd55..bc1ee423d 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/mariadbs.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/mariadbs.yaml 
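Review bot: In the new `s3` block of backups.yaml, the description of `secretAccessKeySecretKeyRef` opens with the wrong field name (`AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.`), which makes the two credential references easy to confuse. It should read `SecretAccessKeySecretKeyRef is a reference to a Secret key containing the S3 secret access key.` Separately, `tls.enabled` is optional with no `default`, `tls` is not in `required`, and `endpoint` is given "without scheme", so the schema does not say whether a connection without the `tls` block is encrypted. The `tls` description should state the default, since the access keys and the backup data travel over that connection. The same text is repeated in the `bootstrapFrom.s3` hunk of mariadbs.yaml (-525,13 +525,102), where `bucket` is also described as the bucket "to store backups" although that block restores from it.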
@@ -525,13 +525,102 @@ spec: description: BootstrapFrom defines a source to bootstrap from. properties: backupRef: - description: BackupRef is a reference to a Backup object. + description: BackupRef is a reference to a Backup object. It has priority over S3 and Volume. properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic + s3: + description: S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish TLS connections with S3. + properties: + caSecretKeyRef: + description: CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object targetRecoveryTime: description: TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time. format: date-time 
diff --git a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/restores.yaml b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/restores.yaml index 2a3ff0eb8..9af38649f 100644 --- a/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/restores.yaml +++ b/crd-catalog/mariadb-operator/mariadb-operator/mariadb.mmontes.io/v1alpha1/restores.yaml @@ -522,13 +522,17 @@ spec: format: int32 type: integer backupRef: - description: BackupRef is a reference to a Backup object. + description: BackupRef is a reference to a Backup object. It has priority over S3 and Volume. properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic + logLevel: + default: info + description: LogLevel to be used n the Backup Job. It defaults to 'info'. + type: string mariaDbRef: description: MariaDBRef is a reference to a MariaDB object. properties: 
@@ -609,6 +613,95 @@ spec: - OnFailure - Never type: string + s3: + description: S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish TLS connections with S3. + properties: + caSecretKeyRef: + description: CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object targetRecoveryTime: description: TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time. format: date-time diff --git a/crd-catalog/otterize/helm-charts/k8s.otterize.com/v1alpha3/clientintents.yaml b/crd-catalog/otterize/helm-charts/k8s.otterize.com/v1alpha3/clientintents.yaml index df39195f7..a5507d2ac 100644 --- a/crd-catalog/otterize/helm-charts/k8s.otterize.com/v1alpha3/clientintents.yaml +++ b/crd-catalog/otterize/helm-charts/k8s.otterize.com/v1alpha3/clientintents.yaml 
@@ -91,6 +91,17 @@ spec: - databaseName type: object type: array + internet: + properties: + ips: + items: + type: string + type: array + ports: + items: + type: integer + type: array + type: object kafkaTopics: items: properties: @@ -125,9 +136,8 @@ spec: - kafka - database - aws + - internet type: string - required: - - name type: object type: array service: diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml index 493a9be8e..ea6b01a22 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml @@ -22,6 +22,19 @@ spec: - jsonPath: .status.availableWorkerReplicas name: available workers type: integer + - jsonPath: .status.desiredCPUs + name: cpus + type: string + - jsonPath: .status.desiredMemory + name: memory + type: string + - jsonPath: .status.desiredGPUs + name: gpus + type: string + - jsonPath: .status.desiredTPUs + name: tpus + priority: 1 + type: string - jsonPath: .status.state name: status type: string 
@@ -7047,6 +7060,30 @@ spec: availableWorkerReplicas: format: int32 type: integer + desiredCPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredGPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredMemory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredTPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true desiredWorkerReplicas: format: int32 type: integer diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml index 2c91aad5a..2cffaa0da 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml @@ -10314,6 +10314,7 @@ spec: suspend: type: boolean ttlSecondsAfterFinished: + default: 0 format: int32 type: integer required: 
@@ -10344,6 +10345,30 @@ spec: availableWorkerReplicas: format: int32 type: integer + desiredCPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredGPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredMemory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredTPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true desiredWorkerReplicas: format: int32 type: integer diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml index e02eed4e4..2e6dcb484 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml 
@@ -7326,6 +7326,30 @@ spec: availableWorkerReplicas: format: int32 type: integer + desiredCPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredGPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredMemory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredTPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true desiredWorkerReplicas: format: int32 type: integer 
@@ -7406,6 +7430,30 @@ spec: availableWorkerReplicas: format: int32 type: integer + desiredCPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredGPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredMemory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + desiredTPUs: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true desiredWorkerReplicas: format: int32 type: integer diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml index 794d4169f..27c2244e4 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml @@ -16,6 +16,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: + description: ScyllaOperatorConfig describes the Scylla Operator configuration. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/backuppolicytemplates.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/backuppolicytemplates.rs index d9435fe76..9e7e9325d 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/backuppolicytemplates.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/backuppolicytemplates.rs @@ -26,12 +26,18 @@ pub struct BackupPolicyTemplateSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupPolicyTemplateBackupPolicies { + /// Specifies the number of retries before marking the backup failed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] + pub backoff_limit: Option, /// backupMethods defines the backup methods. #[serde(rename = "backupMethods")] pub backup_methods: Vec, /// componentDefRef references componentDef defined in ClusterDefinition spec. Need to comply with IANA Service Naming rule. - #[serde(rename = "componentDefRef")] - pub component_def_ref: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefRef")] + pub component_def_ref: Option, + /// componentDef references componentDefinition. Need to comply with IANA Service Naming rule. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefs")] + pub component_defs: Option>, /// schedule policy for backup. #[serde(default, skip_serializing_if = "Option::is_none")] pub schedules: Option>, 
@@ -160,8 +166,11 @@ pub struct BackupPolicyTemplateBackupPoliciesBackupMethodsEnvMapping { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupPolicyTemplateBackupPoliciesBackupMethodsEnvMappingValueFrom { /// mapped ClusterVersionRef to env value. - #[serde(rename = "clusterVersionRef")] - pub cluster_version_ref: Vec, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterVersionRef")] + pub cluster_version_ref: Option>, + /// mapped ComponentDefinition to env value. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDef")] + pub component_def: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -173,6 +182,15 @@ pub struct BackupPolicyTemplateBackupPoliciesBackupMethodsEnvMappingValueFromClu pub names: Vec, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackupPolicyTemplateBackupPoliciesBackupMethodsEnvMappingValueFromComponentDef { + /// mapping value for the specified ClusterVersion names. + #[serde(rename = "mappingValue")] + pub mapping_value: String, + /// the array of ClusterVersion name which can be mapped to the env value. + pub names: Vec, +} + /// runtimeSettings specifies runtime settings for the backup workload container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupPolicyTemplateBackupPoliciesBackupMethodsRuntimeSettings { diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs index fa7e777f2..e0d6389ba 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs 
@@ -860,6 +860,9 @@ pub struct ClusterStatusComponentsMembersStatus { /// PodName pod name. #[serde(rename = "podName")] pub pod_name: String, + /// Is it required for rsm to have at least one primary pod to be ready. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readyWithoutPrimary")] + pub ready_without_primary: Option, pub role: ClusterStatusComponentsMembersStatusRole, } diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs index ea178599c..3ee2f75a1 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/opsrequests.rs @@ -337,6 +337,9 @@ pub struct OpsRequestRestoreSpec { /// backupName is the name of the backup. #[serde(rename = "backupName")] pub backup_name: String, + /// effectiveCommonComponentDef describes this backup will be restored for all components which refer to common ComponentDefinition. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "effectiveCommonComponentDef")] + pub effective_common_component_def: Option, /// restoreTime point in time to restore #[serde(default, skip_serializing_if = "Option::is_none", rename = "restoreTimeStr")] pub restore_time_str: Option, diff --git a/kube-custom-resources-rs/src/canaries_flanksource_com/v1/canaries.rs b/kube-custom-resources-rs/src/canaries_flanksource_com/v1/canaries.rs index 76f4d20ce..9c990354e 100644 --- a/kube-custom-resources-rs/src/canaries_flanksource_com/v1/canaries.rs +++ b/kube-custom-resources-rs/src/canaries_flanksource_com/v1/canaries.rs 
@@ -3407,16 +3407,167 @@ pub struct CanaryFolder { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryFolderAwsConnection { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] + pub access_key: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub bucket: Option, + /// ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub connection: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, /// glob path to restrict matches to a subset #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectPath")] pub object_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] + pub secret_key: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionToken")] + pub session_token: Option, + /// Skip TLS verify when connecting to aws + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipTLSVerify")] + pub skip_tls_verify: Option, /// Use path style path: http://s3.amazonaws.com/BUCKET/KEY instead of http://BUCKET.s3.amazonaws.com/KEY #[serde(default, skip_serializing_if = "Option::is_none", rename = "usePathStyle")] pub use_path_style: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionAccessKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionAccessKeyValueFrom { + 
#[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionAccessKeyValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionAccessKeyValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionAccessKeyValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSecretKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSecretKeyValueFrom { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSecretKeyValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSecretKeyValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSecretKeyValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSessionToken { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSessionTokenValueFrom { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSessionTokenValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSessionTokenValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryFolderAwsConnectionSessionTokenValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryFolderDisplay { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6529,13 +6680,20 @@ pub struct CanaryResticSecretKeyValueFromSecretKeyRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryS3 { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessKey")] + pub access_key: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub bucket: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "bucketName")] pub bucket_name: Option, + /// ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub connection: Option, /// Description for the check #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, /// Icon for overwriting default icon on the dashboard #[serde(default, skip_serializing_if = "Option::is_none")] pub icon: Option, 
@@ -6553,6 +6711,15 @@ pub struct CanaryS3 { /// glob path to restrict matches to a subset #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectPath")] pub object_path: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKey")] + pub secret_key: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionToken")] + pub session_token: Option, + /// Skip TLS verify when connecting to aws + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipTLSVerify")] + pub skip_tls_verify: Option, /// Transformed checks have a delete strategy on deletion they can either be marked healthy, unhealthy or left as is #[serde(default, skip_serializing_if = "Option::is_none", rename = "transformDeleteStrategy")] pub transform_delete_strategy: Option, 
@@ -6561,6 +6728,51 @@ pub struct CanaryS3 { pub use_path_style: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3AccessKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3AccessKeyValueFrom { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3AccessKeyValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3AccessKeyValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3AccessKeyValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryS3Metrics { #[serde(default, skip_serializing_if = "Option::is_none")] 
@@ -6582,6 +6794,96 @@ pub struct CanaryS3MetricsLabels { pub value_expr: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SecretKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SecretKeyValueFrom { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SecretKeyValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SecretKeyValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SecretKeyValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SessionToken { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SessionTokenValueFrom { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmRef")] + pub helm_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, + /// ServiceAccount specifies the service account whose token should be fetched + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SessionTokenValueFromConfigMapKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SessionTokenValueFromHelmRef { + /// Key is a JSONPath expression used to fetch the key from the merged JSON. 
+ pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CanaryS3SessionTokenValueFromSecretKeyRef { + pub key: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryTcp { /// Description for the check diff --git a/kube-custom-resources-rs/src/config_koordinator_sh/v1alpha1/clustercolocationprofiles.rs b/kube-custom-resources-rs/src/config_koordinator_sh/v1alpha1/clustercolocationprofiles.rs index 8a5abe43d..4f8434915 100644 --- a/kube-custom-resources-rs/src/config_koordinator_sh/v1alpha1/clustercolocationprofiles.rs +++ b/kube-custom-resources-rs/src/config_koordinator_sh/v1alpha1/clustercolocationprofiles.rs 
@@ -14,12 +14,18 @@ use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; #[kube(status = "ClusterColocationProfileStatus")] #[kube(schema = "disabled")] pub struct ClusterColocationProfileSpec { + /// AnnotationKeysMapping describes the annotations that needs to inject into Pod.Annotations with the same values. It sets the Pod.Annotations[AnnotationsToAnnotations[k]] = Pod.Annotations[k] for each key k. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "annotationKeysMapping")] + pub annotation_keys_mapping: Option>, /// Annotations describes the k/v pair that needs to inject into Pod.Annotations #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, /// KoordinatorPriority defines the Pod sub-priority in Koordinator. The priority value will be injected into Pod as label koordinator.sh/priority. Various Koordinator components determine the priority of the Pod in the Koordinator through KoordinatorPriority and the priority value in PriorityClassName. The higher the value, the higher the priority. #[serde(default, skip_serializing_if = "Option::is_none", rename = "koordinatorPriority")] pub koordinator_priority: Option, + /// LabelKeysMapping describes the labels that needs to inject into Pod.Labels with the same values. It sets the Pod.Labels[LabelsToLabels[k]] = Pod.Labels[k] for each key k. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelKeysMapping")] + pub label_keys_mapping: Option>, /// Labels describes the k/v pair that needs to inject into Pod.Labels #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs index 09b3a3d6f..968b42b3f 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs 
+++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs @@ -52,6 +52,9 @@ pub struct BackupStatus { /// expiration is when this backup is eligible for garbage collection. 'null' means the Backup will NOT be cleaned except delete manual. #[serde(default, skip_serializing_if = "Option::is_none")] pub expiration: Option, + /// extra records the extra info for the backup. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub extras: Option>>, /// failureReason is an error that caused the backup to fail. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureReason")] pub failure_reason: Option, diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs index aa17b4ec6..4a08b707b 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs @@ -14,6 +14,9 @@ use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; #[kube(status = "RestoreStatus")] #[kube(schema = "disabled")] pub struct RestoreSpec { + /// Specifies the number of retries before marking the restore failed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] + pub backoff_limit: Option, /// backup to be restored. The restore behavior based on the backup type: 1. Full: will be restored the full backup directly. 2. Incremental: will be restored sequentially from the most recent full backup of this incremental backup. 3. Differential: will be restored sequentially from the parent backup of the differential backup. 4. Continuous: will find the most recent full backup at this time point and the continuous backups after it to restore. pub backup: RestoreBackup, /// specified the required resources of restore job's container. 
diff --git a/kube-custom-resources-rs/src/druid_apache_org/v1alpha1/druids.rs b/kube-custom-resources-rs/src/druid_apache_org/v1alpha1/druids.rs index c75cd5727..432514b7a 100644 --- a/kube-custom-resources-rs/src/druid_apache_org/v1alpha1/druids.rs +++ b/kube-custom-resources-rs/src/druid_apache_org/v1alpha1/druids.rs @@ -1312,9 +1312,9 @@ pub struct DruidNodes { /// Services Overrides services at top level. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, - /// StartUpProbes - #[serde(default, skip_serializing_if = "Option::is_none", rename = "startUpProbes")] - pub start_up_probes: Option, + /// StartUpProbe + #[serde(default, skip_serializing_if = "Option::is_none", rename = "startUpProbe")] + pub start_up_probe: Option, /// TerminationGracePeriodSeconds #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, 
@@ -3677,21 +3677,21 @@ pub struct DruidNodesServicesStatusLoadBalancerIngressPorts { pub protocol: String, } -/// StartUpProbes +/// StartUpProbe #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbes { +pub struct DruidNodesStartUpProbe { /// Exec specifies the action to take. #[serde(default, skip_serializing_if = "Option::is_none")] - pub exec: Option, + pub exec: Option, /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] - pub grpc: Option, + pub grpc: Option, /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] - pub http_get: Option, + pub http_get: Option, /// Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "initialDelaySeconds")] pub initial_delay_seconds: Option, 
@@ -3703,7 +3703,7 @@ pub struct DruidNodesStartUpProbes { pub success_threshold: Option, /// TCPSocket specifies an action involving a TCP port. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] - pub tcp_socket: Option, + pub tcp_socket: Option, /// Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, @@ -3714,7 +3714,7 @@ pub struct DruidNodesStartUpProbes { /// Exec specifies the action to take. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbesExec { +pub struct DruidNodesStartUpProbeExec { /// Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option>, 
@@ -3722,7 +3722,7 @@ pub struct DruidNodesStartUpProbesExec { /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbesGrpc { +pub struct DruidNodesStartUpProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. pub port: i32, /// Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). @@ -3733,13 +3733,13 @@ pub struct DruidNodesStartUpProbesGrpc { /// HTTPGet specifies the http request to perform. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbesHttpGet { +pub struct DruidNodesStartUpProbeHttpGet { /// Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, /// Custom headers to set in the request. HTTP allows repeated headers. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpHeaders")] - pub http_headers: Option>, + pub http_headers: Option>, /// Path to access on the HTTP server. #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, @@ -3752,7 +3752,7 @@ pub struct DruidNodesStartUpProbesHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbesHttpGetHttpHeaders { +pub struct DruidNodesStartUpProbeHttpGetHttpHeaders { /// The header field name pub name: String, /// The header field value 
@@ -3761,7 +3761,7 @@ pub struct DruidNodesStartUpProbesHttpGetHttpHeaders { /// TCPSocket specifies an action involving a TCP port. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub struct DruidNodesStartUpProbesTcpSocket { +pub struct DruidNodesStartUpProbeTcpSocket { /// Optional: Host name to connect to, defaults to the pod IP. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, diff --git a/kube-custom-resources-rs/src/k8s_otterize_com/v1alpha3/clientintents.rs b/kube-custom-resources-rs/src/k8s_otterize_com/v1alpha3/clientintents.rs index c47d3809e..3b13accda 100644 --- a/kube-custom-resources-rs/src/k8s_otterize_com/v1alpha3/clientintents.rs +++ b/kube-custom-resources-rs/src/k8s_otterize_com/v1alpha3/clientintents.rs @@ -24,9 +24,12 @@ pub struct ClientIntentsCalls { pub aws_actions: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "databaseResources")] pub database_resources: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub internet: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "kafkaTopics")] pub kafka_topics: Option>, - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -47,6 +50,14 @@ pub struct ClientIntentsCallsDatabaseResources { pub table: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClientIntentsCallsInternet { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ips: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ports: Option>, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClientIntentsCallsKafkaTopics { pub name: String, 
@@ -63,6 +74,8 @@ pub enum ClientIntentsCallsType { Database, #[serde(rename = "aws")] Aws, + #[serde(rename = "internet")] + Internet, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index c9807b226..762d6422c 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -2046,6 +2046,12 @@ pub struct ClusterPolicyRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. 
@@ -4697,6 +4703,12 @@ pub struct ClusterPolicyStatusAutogenRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index 1ba7d50dc..7cf72a459 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs 
@@ -2047,6 +2047,12 @@ pub struct PolicyRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. 
@@ -4698,6 +4704,12 @@ pub struct PolicyStatusAutogenRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/admissionreports.rs b/kube-custom-resources-rs/src/kyverno_io/v2/admissionreports.rs new file mode 100644 index 000000000..6008caee4 --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/admissionreports.rs 
@@ -0,0 +1,192 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/admissionreports.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "AdmissionReport", plural = "admissionreports")] +#[kube(namespaced)] +#[kube(schema = "disabled")] +pub struct AdmissionReportSpec { + /// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) + pub owner: AdmissionReportOwner, + /// PolicyReportResult provides result details + #[serde(default, skip_serializing_if = "Option::is_none")] + pub results: Option>, + /// PolicyReportSummary provides a summary of results + #[serde(default, skip_serializing_if = "Option::is_none")] + pub summary: Option, +} + +/// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportOwner { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "blockOwnerDeletion")] + pub block_owner_deletion: Option, + /// If true, this reference points to the managing controller. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub controller: Option, + /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + pub name: String, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + pub uid: String, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportResults { + /// Category indicates policy category + #[serde(default, skip_serializing_if = "Option::is_none")] + pub category: Option, + /// Description is a short user friendly message for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Policy is the name or identifier of the policy + pub policy: String, + /// Properties provides additional information for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + /// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceSelector")] + pub resource_selector: Option, + /// Subjects is an optional reference to the checked Kubernetes resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option>, + /// Result indicates the outcome of the policy rule execution + #[serde(default, skip_serializing_if = "Option::is_none")] + pub result: Option, + /// Rule is the name or identifier of the rule within the policy + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rule: Option, + /// Scored indicates if this result is scored + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scored: Option, + /// Severity indicates policy check result criticality + #[serde(default, skip_serializing_if = "Option::is_none")] + pub severity: Option, + /// Source is an identifier for the policy engine that manages this report + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, + /// Timestamp indicates the time the result was found + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timestamp: Option, +} + +/// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportResultsResourceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportResultsResourceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. 
The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportResultsResources { + /// API version of the referent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] + pub field_path: Option, + /// Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] + pub resource_version: Option, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AdmissionReportResultsResult { + #[serde(rename = "pass")] + Pass, + #[serde(rename = "fail")] + Fail, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "error")] + Error, + #[serde(rename = "skip")] + Skip, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AdmissionReportResultsSeverity { + #[serde(rename = "critical")] + Critical, + #[serde(rename = "high")] + High, + #[serde(rename = "low")] + Low, + #[serde(rename = "medium")] + Medium, + #[serde(rename = "info")] + Info, +} + +/// Timestamp indicates the time the result was found +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct 
AdmissionReportResultsTimestamp { + /// Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + pub nanos: i32, + /// Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. + pub seconds: i64, +} + +/// PolicyReportSummary provides a summary of results +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AdmissionReportSummary { + /// Error provides the count of policies that could not be evaluated + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Fail provides the count of policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fail: Option, + /// Pass provides the count of policies whose requirements were met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pass: Option, + /// Skip indicates the count of policies that were not selected for evaluation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub skip: Option, + /// Warn provides the count of non-scored policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub warn: Option, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/backgroundscanreports.rs b/kube-custom-resources-rs/src/kyverno_io/v2/backgroundscanreports.rs new file mode 100644 index 000000000..19d34fee7 --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/backgroundscanreports.rs 
@@ -0,0 +1,170 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/backgroundscanreports.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "BackgroundScanReport", plural = "backgroundscanreports")] +#[kube(namespaced)] +#[kube(schema = "disabled")] +pub struct BackgroundScanReportSpec { + /// PolicyReportResult provides result details + #[serde(default, skip_serializing_if = "Option::is_none")] + pub results: Option>, + /// PolicyReportSummary provides a summary of results + #[serde(default, skip_serializing_if = "Option::is_none")] + pub summary: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackgroundScanReportResults { + /// Category indicates policy category + #[serde(default, skip_serializing_if = "Option::is_none")] + pub category: Option, + /// Description is a short user friendly message for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Policy is the name or identifier of the policy + pub policy: String, + /// Properties provides additional information for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + /// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceSelector")] + pub resource_selector: Option, + /// Subjects is an optional reference to the checked Kubernetes resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option>, + /// Result indicates the outcome of the policy rule execution + #[serde(default, skip_serializing_if = "Option::is_none")] + pub result: Option, + /// Rule is the name or identifier of the rule within the policy + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rule: Option, + /// Scored indicates if this result is scored + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scored: Option, + /// Severity indicates policy check result criticality + #[serde(default, skip_serializing_if = "Option::is_none")] + pub severity: Option, + /// Source is an identifier for the policy engine that manages this report + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, + /// Timestamp indicates the time the result was found + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timestamp: Option, +} + +/// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackgroundScanReportResultsResourceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackgroundScanReportResultsResourceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. 
The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackgroundScanReportResultsResources { + /// API version of the referent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] + pub field_path: Option, + /// Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] + pub resource_version: Option, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum BackgroundScanReportResultsResult { + #[serde(rename = "pass")] + Pass, + #[serde(rename = "fail")] + Fail, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "error")] + Error, + #[serde(rename = "skip")] + Skip, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum BackgroundScanReportResultsSeverity { + #[serde(rename = "critical")] + Critical, + #[serde(rename = "high")] + High, + #[serde(rename = "low")] + Low, + #[serde(rename = "medium")] + Medium, + #[serde(rename = "info")] + Info, +} + +/// Timestamp indicates the time the result was found +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct 
BackgroundScanReportResultsTimestamp { + /// Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + pub nanos: i32, + /// Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. + pub seconds: i64, +} + +/// PolicyReportSummary provides a summary of results +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackgroundScanReportSummary { + /// Error provides the count of policies that could not be evaluated + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Fail provides the count of policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fail: Option, + /// Pass provides the count of policies whose requirements were met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pass: Option, + /// Skip indicates the count of policies that were not selected for evaluation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub skip: Option, + /// Warn provides the count of non-scored policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub warn: Option, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs new file mode 100644 index 000000000..151bd60ac --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/cleanuppolicies.rs 
@@ -0,0 +1,721 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/cleanuppolicies.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; +use std::collections::HashMap; + +/// Spec declares policy behaviors. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "CleanupPolicy", plural = "cleanuppolicies")] +#[kube(namespaced)] +#[kube(status = "CleanupPolicyStatus")] +#[kube(schema = "disabled")] +pub struct CleanupPolicySpec { + /// Conditions defines the conditions used to select the resources which will be cleaned up. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exclude: Option, + /// MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option, + /// The schedule in Cron format + pub schedule: String, +} + +/// Conditions defines the conditions used to select the resources which will be cleaned up. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyConditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyConditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option>, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CleanupPolicyConditionsAllOperator { + Equals, + NotEquals, + AnyIn, + AllIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyConditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option>, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CleanupPolicyConditionsAnyOperator { + Equals, + NotEquals, + AnyIn, + AllIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextApiCall { + /// Data specifies the POST data sent to the server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the server. For example a JMESPath of "items | length(@)" applied to the API server response for the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: HashMap, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CleanupPolicyContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to transform the ImageData struct returned as a result of processing the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. Secrets must live in the Kyverno namespace. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option>, + /// JMESPath is an optional JMESPath Expression that can be used to transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +/// ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExclude { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAll { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAllSubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. 
If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. 
Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyExcludeAnySubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. 
Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatch { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAll { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. 
Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAllSubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. 
Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyMatchAnySubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. 
Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status contains policy runtime data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastExecutionTime")] + pub last_execution_time: Option, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CleanupPolicyStatusConditions { + /// lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + #[serde(rename = "lastTransitionTime")] + pub last_transition_time: String, + /// message is a human readable message indicating details about the transition. This may be an empty string. + pub message: String, + /// observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + pub reason: String, + /// status of the condition, one of True, False, Unknown. + pub status: CleanupPolicyStatusConditionsStatus, + /// type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + #[serde(rename = "type")] + pub r#type: String, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CleanupPolicyStatusConditionsStatus { + True, + False, + Unknown, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/clusteradmissionreports.rs b/kube-custom-resources-rs/src/kyverno_io/v2/clusteradmissionreports.rs new file mode 100644 index 000000000..04b9a5914 --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/clusteradmissionreports.rs 
@@ -0,0 +1,191 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/clusteradmissionreports.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "ClusterAdmissionReport", plural = "clusteradmissionreports")] +#[kube(schema = "disabled")] +pub struct ClusterAdmissionReportSpec { + /// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) + pub owner: ClusterAdmissionReportOwner, + /// PolicyReportResult provides result details + #[serde(default, skip_serializing_if = "Option::is_none")] + pub results: Option>, + /// PolicyReportSummary provides a summary of results + #[serde(default, skip_serializing_if = "Option::is_none")] + pub summary: Option, +} + +/// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportOwner { + /// API version of the referent. + #[serde(rename = "apiVersion")] + pub api_version: String, + /// If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "blockOwnerDeletion")] + pub block_owner_deletion: Option, + /// If true, this reference points to the managing controller. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub controller: Option, + /// Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + pub kind: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + pub name: String, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + pub uid: String, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportResults { + /// Category indicates policy category + #[serde(default, skip_serializing_if = "Option::is_none")] + pub category: Option, + /// Description is a short user friendly message for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Policy is the name or identifier of the policy + pub policy: String, + /// Properties provides additional information for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + /// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceSelector")] + pub resource_selector: Option, + /// Subjects is an optional reference to the checked Kubernetes resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option>, + /// Result indicates the outcome of the policy rule execution + #[serde(default, skip_serializing_if = "Option::is_none")] + pub result: Option, + /// Rule is the name or identifier of the rule within the policy + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rule: Option, + /// Scored indicates if this result is scored + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scored: Option, + /// Severity indicates policy check result criticality + #[serde(default, skip_serializing_if = "Option::is_none")] + pub severity: Option, + /// Source is an identifier for the policy engine that manages this report + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, + /// Timestamp indicates the time the result was found + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timestamp: Option, +} + +/// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportResultsResourceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportResultsResourceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. 
The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportResultsResources { + /// API version of the referent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] + pub field_path: Option, + /// Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] + pub resource_version: Option, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterAdmissionReportResultsResult { + #[serde(rename = "pass")] + Pass, + #[serde(rename = "fail")] + Fail, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "error")] + Error, + #[serde(rename = "skip")] + Skip, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterAdmissionReportResultsSeverity { + #[serde(rename = "critical")] + Critical, + #[serde(rename = "high")] + High, + #[serde(rename = "low")] + Low, + #[serde(rename = "medium")] + Medium, + #[serde(rename = "info")] + Info, +} + +/// Timestamp indicates the time the result was found +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct 
ClusterAdmissionReportResultsTimestamp { + /// Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + pub nanos: i32, + /// Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. + pub seconds: i64, +} + +/// PolicyReportSummary provides a summary of results +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterAdmissionReportSummary { + /// Error provides the count of policies that could not be evaluated + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Fail provides the count of policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fail: Option, + /// Pass provides the count of policies whose requirements were met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pass: Option, + /// Skip indicates the count of policies that were not selected for evaluation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub skip: Option, + /// Warn provides the count of non-scored policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub warn: Option, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/clusterbackgroundscanreports.rs b/kube-custom-resources-rs/src/kyverno_io/v2/clusterbackgroundscanreports.rs new file mode 100644 index 000000000..47eca80e5 --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/clusterbackgroundscanreports.rs 
@@ -0,0 +1,169 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/clusterbackgroundscanreports.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "ClusterBackgroundScanReport", plural = "clusterbackgroundscanreports")] +#[kube(schema = "disabled")] +pub struct ClusterBackgroundScanReportSpec { + /// PolicyReportResult provides result details + #[serde(default, skip_serializing_if = "Option::is_none")] + pub results: Option>, + /// PolicyReportSummary provides a summary of results + #[serde(default, skip_serializing_if = "Option::is_none")] + pub summary: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterBackgroundScanReportResults { + /// Category indicates policy category + #[serde(default, skip_serializing_if = "Option::is_none")] + pub category: Option, + /// Description is a short user friendly message for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Policy is the name or identifier of the policy + pub policy: String, + /// Properties provides additional information for the policy rule + #[serde(default, skip_serializing_if = "Option::is_none")] + pub properties: Option>, + /// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceSelector")] + pub resource_selector: Option, + /// Subjects is an optional reference to the checked Kubernetes resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option>, + /// Result indicates the outcome of the policy rule execution + #[serde(default, skip_serializing_if = "Option::is_none")] + pub result: Option, + /// Rule is the name or identifier of the rule within the policy + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rule: Option, + /// Scored indicates if this result is scored + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scored: Option, + /// Severity indicates policy check result criticality + #[serde(default, skip_serializing_if = "Option::is_none")] + pub severity: Option, + /// Source is an identifier for the policy engine that manages this report + #[serde(default, skip_serializing_if = "Option::is_none")] + pub source: Option, + /// Timestamp indicates the time the result was found + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timestamp: Option, +} + +/// SubjectSelector is an optional label selector for checked Kubernetes resources. For example, a policy result may apply to all pods that match a label. Either a Subject or a SubjectSelector can be specified. If neither are provided, the result is assumed to be for the policy report scope. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterBackgroundScanReportResultsResourceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterBackgroundScanReportResultsResourceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. 
The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +/// Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterBackgroundScanReportResultsResources { + /// API version of the referent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] + pub field_path: Option, + /// Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] + pub resource_version: Option, + /// UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterBackgroundScanReportResultsResult { + #[serde(rename = "pass")] + Pass, + #[serde(rename = "fail")] + Fail, + #[serde(rename = "warn")] + Warn, + #[serde(rename = "error")] + Error, + #[serde(rename = "skip")] + Skip, +} + +/// PolicyReportResult provides the result for an individual policy +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterBackgroundScanReportResultsSeverity { + #[serde(rename = "critical")] + Critical, + #[serde(rename = "high")] + High, + #[serde(rename = "low")] + Low, + #[serde(rename = "medium")] + Medium, + #[serde(rename = "info")] + Info, +} + +/// Timestamp indicates the time the result was found +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub 
struct ClusterBackgroundScanReportResultsTimestamp { + /// Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context. + pub nanos: i32, + /// Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive. + pub seconds: i64, +} + +/// PolicyReportSummary provides a summary of results +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterBackgroundScanReportSummary { + /// Error provides the count of policies that could not be evaluated + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// Fail provides the count of policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fail: Option, + /// Pass provides the count of policies whose requirements were met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pass: Option, + /// Skip indicates the count of policies that were not selected for evaluation + #[serde(default, skip_serializing_if = "Option::is_none")] + pub skip: Option, + /// Warn provides the count of non-scored policies whose requirements were not met + #[serde(default, skip_serializing_if = "Option::is_none")] + pub warn: Option, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs new file mode 100644 index 000000000..ab918dc2e --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/clustercleanuppolicies.rs 
@@ -0,0 +1,720 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/clustercleanuppolicies.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; +use std::collections::HashMap; + +/// Spec declares policy behaviors. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "ClusterCleanupPolicy", plural = "clustercleanuppolicies")] +#[kube(status = "ClusterCleanupPolicyStatus")] +#[kube(schema = "disabled")] +pub struct ClusterCleanupPolicySpec { + /// Conditions defines the conditions used to select the resources which will be cleaned up. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option, + /// Context defines variables and data sources that can be used during rule execution. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub context: Option>, + /// ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub exclude: Option, + /// MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option, + /// The schedule in Cron format + pub schedule: String, +} + +/// Conditions defines the conditions used to select the resources which will be cleaned up. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyConditions { + /// AllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, all of the conditions need to pass. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// AnyConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. Here, at least one of the conditions need to pass. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyConditionsAll { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option>, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterCleanupPolicyConditionsAllOperator { + Equals, + NotEquals, + AnyIn, + AllIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyConditionsAny { + /// Key is the context entry (using JMESPath) for conditional rule evaluation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option>, + /// Message is an optional display message + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// Operator is the conditional operation to perform. Valid operators are: Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan, DurationLessThanOrEquals, DurationLessThan + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using JMESPath. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterCleanupPolicyConditionsAnyOperator { + Equals, + NotEquals, + AnyIn, + AllIn, + AnyNotIn, + AllNotIn, + GreaterThanOrEquals, + GreaterThan, + LessThanOrEquals, + LessThan, + DurationGreaterThanOrEquals, + DurationGreaterThan, + DurationLessThanOrEquals, + DurationLessThan, +} + +/// ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContext { + /// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiCall")] + pub api_call: Option, + /// ConfigMap is the ConfigMap reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistry")] + pub image_registry: Option, + /// Name is the variable name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Variable defines an arbitrary JMESPath context variable that can be defined inline. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub variable: Option, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextApiCall { + /// Data specifies the POST data sent to the server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub data: Option>, + /// JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned from the server. For example a JMESPath of "items | length(@)" applied to the API server response for the URLPath "/apis/apps/v1/deployments" will return the total count of deployments across all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Method is the HTTP request type (GET or POST). 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Service is an API call to a JSON web service + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, + /// URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls for details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlPath")] + pub url_path: Option, +} + +/// RequestData contains the HTTP POST data +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextApiCallData { + /// Key is a unique identifier for the data value + pub key: String, + /// Value is the data value + pub value: HashMap, +} + +/// APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterCleanupPolicyContextApiCallMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, +} + +/// Service is an API call to a JSON web service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextApiCallService { + /// CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caBundle")] + pub ca_bundle: Option, + /// URL is the JSON web service URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. + pub url: String, +} + +/// ConfigMap is the ConfigMap reference. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextConfigMap { + /// Name is the ConfigMap name. + pub name: String, + /// Namespace is the ConfigMap namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextImageRegistry { + /// ImageRegistryCredentials provides credentials that will be used for authentication with registry + #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageRegistryCredentials")] + pub image_registry_credentials: Option, + /// JMESPath is an optional JSON Match Expression that can be used to transform the ImageData struct returned as a result of processing the image reference. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Reference is image reference to a container image in the registry. Example: ghcr.io/kyverno/kyverno:latest + pub reference: String, +} + +/// ImageRegistryCredentials provides credentials that will be used for authentication with registry +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextImageRegistryImageRegistryCredentials { + /// AllowInsecureRegistry allows insecure access to a registry. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowInsecureRegistry")] + pub allow_insecure_registry: Option, + /// Providers specifies a list of OCI Registry names, whose authentication providers are provided. It can be of one of these values: default,google,azure,amazon,github. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub providers: Option>, + /// Secrets specifies a list of secrets that are provided for credentials. 
Secrets must live in the Kyverno namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + +/// Variable defines an arbitrary JMESPath context variable that can be defined inline. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyContextVariable { + /// Default is an optional arbitrary JSON object that the variable may take if the JMESPath expression evaluates to nil + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option>, + /// JMESPath is an optional JMESPath Expression that can be used to transform the variable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmesPath")] + pub jmes_path: Option, + /// Value is any arbitrary JSON object representable in YAML or JSON form. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option>, +} + +/// ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExclude { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAll { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAllSubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. 
If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. 
Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. 
Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyExcludeAnySubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatch { + /// All allows specifying resources which will be ANDed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// Any allows specifying resources which will be ORed + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAll { + /// ClusterRoles is the list of cluster-wide role names for the user. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. 
Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAllSubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. 
Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// ResourceFilter allow users to "AND" or "OR" between resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAny { + /// ClusterRoles is the list of cluster-wide role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// ResourceDescription contains information about the resource being created or modified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Roles is the list of namespaced role names for the user. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// Subjects is the list of subject names like users, user groups, and service accounts. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subjects: Option>, +} + +/// ResourceDescription contains information about the resource being created or modified. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnyResources { + /// Annotations is a map of annotations (key-value pairs of type string). Annotation keys and values support the wildcard characters "*" (matches zero or many characters) and "?" (matches at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Kinds is a list of resource kinds. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + /// Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub names: Option>, + /// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// Namespaces is a list of namespaces names. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operations: Option>, + /// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +/// NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnyResourcesNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnyResourcesNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnyResourcesSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnyResourcesSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyMatchAnySubjects { + /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + pub kind: String, + /// Name of the object being referenced. + pub name: String, + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status contains policy runtime data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastExecutionTime")] + pub last_execution_time: Option, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterCleanupPolicyStatusConditions { + /// lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + #[serde(rename = "lastTransitionTime")] + pub last_transition_time: String, + /// message is a human readable message indicating details about the transition. This may be an empty string. + pub message: String, + /// observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + pub reason: String, + /// status of the condition, one of True, False, Unknown. + pub status: ClusterCleanupPolicyStatusConditionsStatus, + /// type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + #[serde(rename = "type")] + pub r#type: String, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterCleanupPolicyStatusConditionsStatus { + True, + False, + Unknown, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/mod.rs b/kube-custom-resources-rs/src/kyverno_io/v2/mod.rs index dce3a7c7e..c468d3b8e 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2/mod.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2/mod.rs @@ -1 +1,8 @@ +pub mod admissionreports; +pub mod backgroundscanreports; +pub mod cleanuppolicies; +pub mod clusteradmissionreports; +pub mod clusterbackgroundscanreports; +pub mod clustercleanuppolicies; pub mod policyexceptions; +pub mod updaterequests; diff --git a/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs b/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs new file mode 100644 index 000000000..0b1557374 --- /dev/null +++ b/kube-custom-resources-rs/src/kyverno_io/v2/updaterequests.rs 
@@ -0,0 +1,253 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml --derive=Default --derive=PartialEq +// kopium version: 0.16.2 + +use kube::CustomResource; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +/// ResourceSpec is the information to identify the trigger resource. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kyverno.io", version = "v2", kind = "UpdateRequest", plural = "updaterequests")] +#[kube(namespaced)] +#[kube(status = "UpdateRequestStatus")] +#[kube(schema = "disabled")] +pub struct UpdateRequestSpec { + /// Context ... + pub context: UpdateRequestContext, + /// DeleteDownstream represents whether the downstream needs to be deleted. + #[serde(rename = "deleteDownstream")] + pub delete_downstream: bool, + /// Specifies the name of the policy. + pub policy: String, + /// Type represents request type for background processing + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestType")] + pub request_type: Option, + /// ResourceSpec is the information to identify the trigger resource. + pub resource: UpdateRequestResource, + /// Rule is the associate rule name of the current UR. + pub rule: String, + /// Synchronize represents the sync behavior of the corresponding rule Optional. Defaults to "false" if not specified. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub synchronize: Option, +} + +/// Context ... +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContext { + /// AdmissionRequestInfoObject stores the admission request and operation details + #[serde(default, skip_serializing_if = "Option::is_none", rename = "admissionRequestInfo")] + pub admission_request_info: Option, + /// RequestInfo contains permission info carried in an admission request. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, +} + +/// AdmissionRequestInfoObject stores the admission request and operation details +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfo { + /// AdmissionRequest describes the admission.Attributes for the admission request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "admissionRequest")] + pub admission_request: Option, + /// Operation is the type of resource operation being checked for admission control + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operation: Option, +} + +/// AdmissionRequest describes the admission.Attributes for the admission request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequest { + /// DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) + pub kind: UpdateRequestContextAdmissionRequestInfoAdmissionRequestKind, + /// Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace is the namespace associated with the request (if any). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Object is the object from the incoming request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub object: Option>, + /// OldObject is the existing object. 
Only populated for DELETE and UPDATE requests. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oldObject")] + pub old_object: Option>, + /// Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation. + pub operation: String, + /// Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. + /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). + /// See documentation for the "matchPolicy" field in the webhook configuration type for more details. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestKind")] + pub request_kind: Option, + /// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). 
If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. + /// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). + /// See documentation for the "matchPolicy" field in the webhook configuration type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestResource")] + pub request_resource: Option, + /// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. See documentation for the "matchPolicy" field in the webhook configuration type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestSubResource")] + pub request_sub_resource: Option, + /// Resource is the fully-qualified resource being requested (for example, v1.pods) + pub resource: UpdateRequestContextAdmissionRequestInfoAdmissionRequestResource, + /// SubResource is the subresource being requested, if any (for example, "status" or "scale") + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subResource")] + pub sub_resource: Option, + /// UID is an identifier for the individual request/response. 
It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. + pub uid: String, + /// UserInfo is information about the requesting user + #[serde(rename = "userInfo")] + pub user_info: UpdateRequestContextAdmissionRequestInfoAdmissionRequestUserInfo, +} + +/// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestKind { + pub group: String, + pub kind: String, + pub version: String, +} + +/// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. +/// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). +/// See documentation for the "matchPolicy" field in the webhook configuration type for more details. 
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestKind { + pub group: String, + pub kind: String, + pub version: String, +} + +/// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. +/// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). +/// See documentation for the "matchPolicy" field in the webhook configuration type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestRequestResource { + pub group: String, + pub resource: String, + pub version: String, +} + +/// Resource is the fully-qualified resource being requested (for example, v1.pods) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestResource { + pub group: String, + pub resource: String, + pub version: String, +} + +/// UserInfo is information about the requesting user +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextAdmissionRequestInfoAdmissionRequestUserInfo { + /// Any additional information provided by the authenticator. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub extra: Option>, + /// The names of groups this user is a part of. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, + /// The name that uniquely identifies this user among all active users. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// RequestInfo contains permission info carried in an admission request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextUserInfo { + /// ClusterRoles is a list of possible clusterRoles send the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterRoles")] + pub cluster_roles: Option>, + /// Roles is a list of possible role send the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// UserInfo is the userInfo carried in the admission request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, +} + +/// UserInfo is the userInfo carried in the admission request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestContextUserInfoUserInfo { + /// Any additional information provided by the authenticator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub extra: Option>, + /// The names of groups this user is a part of. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, + /// The name that uniquely identifies this user among all active users. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, +} + +/// ResourceSpec is the information to identify the trigger resource. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum UpdateRequestRequestType { + #[serde(rename = "mutate")] + Mutate, + #[serde(rename = "generate")] + Generate, +} + +/// ResourceSpec is the information to identify the trigger resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestResource { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// Status contains statistics related to update request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestStatus { + /// This will track the resources that are updated by the generate Policy. Will be used during clean up resources. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "generatedResources")] + pub generated_resources: Option>, + /// Specifies request status message. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryCount")] + pub retry_count: Option, + /// State represents state of the update request. + pub state: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct UpdateRequestStatusGeneratedResources { + /// APIVersion specifies resource apiVersion. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Kind specifies resource kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name specifies the resource name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace specifies resource namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// UID specifies the resource uid. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index e8c284e7a..927f74454 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs 
@@ -2000,6 +2000,12 @@ pub struct ClusterPolicyRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. 
@@ -4630,6 +4636,12 @@ pub struct ClusterPolicyStatusAutogenRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index 2a7175821..c295f5edf 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs 
@@ -2001,6 +2001,12 @@ pub struct PolicyRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. 
@@ -4631,6 +4637,12 @@ pub struct PolicyStatusAutogenRulesValidatePodSecurityExclude { /// Images selects matching containers and applies the container level PSS. Each image is the image name consisting of the registry address, repository, image, and tag. Empty list matches no containers, PSS checks are applied at the pod level only. Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images. #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// RestrictedField selects the field for the given Pod Security Standard control. When not set, all restricted fields for the control are selected. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restrictedField")] + pub restricted_field: Option, + /// Values defines the allowed values that can be excluded. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } /// PodSecurityStandard specifies the Pod Security Standard controls to be excluded. diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index ae3bc2126..3a8691fb4 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -1353,7 +1353,14 @@ apiVersion `kyverno.io/v1beta1`: - `UpdateRequest` apiVersion `kyverno.io/v2`: +- `AdmissionReport` +- `BackgroundScanReport` +- `CleanupPolicy` +- `ClusterAdmissionReport` +- `ClusterBackgroundScanReport` +- `ClusterCleanupPolicy` - `PolicyException` +- `UpdateRequest` apiVersion `kyverno.io/v2alpha1`: - `CleanupPolicy` diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/engines.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/engines.rs index ed015dbad..3604205e9 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/engines.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/engines.rs 
@@ -15,10 +15,13 @@ use std::collections::BTreeMap; pub struct EngineSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub active: Option, + /// Deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] - pub backend_store_driver: Option, + pub backend_store_driver: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupVolume")] pub backup_volume: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desireState")] pub desire_state: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableFrontend")] @@ -56,7 +59,7 @@ pub struct EngineSpec { /// EngineSpec defines the desired state of the Longhorn engine #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum EngineBackendStoreDriver { +pub enum EngineDataEngine { #[serde(rename = "v1")] V1, #[serde(rename = "v2")] diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs index b3d0905fb..1211322dc 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/instancemanagers.rs @@ -13,6 +13,11 @@ use std::collections::BTreeMap; #[kube(status = "InstanceManagerStatus")] #[kube(schema = "disabled")] pub struct InstanceManagerSpec { + /// Deprecated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] + pub backend_store_driver: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeID")] 
@@ -68,14 +73,19 @@ pub struct InstanceManagerStatusInstanceEngines { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstanceEnginesSpec { + /// Deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] pub backend_store_driver: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstanceEnginesStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "errorMsg")] @@ -104,14 +114,19 @@ pub struct InstanceManagerStatusInstanceReplicas { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstanceReplicasSpec { + /// Deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] pub backend_store_driver: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstanceReplicasStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "errorMsg")] 
@@ -149,6 +164,8 @@ pub struct InstanceManagerStatusInstancesSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstanceManagerStatusInstancesStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "errorMsg")] diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/nodes.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/nodes.rs index 503b02d58..652c34e42 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/nodes.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/nodes.rs @@ -13,6 +13,7 @@ use std::collections::BTreeMap; #[kube(status = "NodeStatus")] #[kube(schema = "disabled")] pub struct NodeSpec { + /// Allow scheduling replicas on the node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowScheduling")] pub allow_scheduling: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -58,12 +59,16 @@ pub struct NodeStatus { pub auto_evicting: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// The status of the disks on the node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "diskStatus")] pub disk_status: Option>, + /// The Region of the node. #[serde(default, skip_serializing_if = "Option::is_none")] pub region: Option, + /// The status of the snapshot integrity check. #[serde(default, skip_serializing_if = "Option::is_none", rename = "snapshotCheckStatus")] pub snapshot_check_status: Option, + /// The Zone of the node. #[serde(default, skip_serializing_if = "Option::is_none")] pub zone: Option, } 
@@ -90,6 +95,7 @@ pub struct NodeStatusConditions { pub r#type: Option, } +/// The status of the disks on the node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeStatusDiskStatus { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -98,6 +104,8 @@ pub struct NodeStatusDiskStatus { pub disk_type: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "diskUUID")] pub disk_uuid: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "filesystemType")] + pub filesystem_type: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "scheduledReplica")] pub scheduled_replica: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageAvailable")] @@ -130,11 +138,10 @@ pub struct NodeStatusDiskStatusConditions { pub r#type: Option, } +/// The status of the snapshot integrity check. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeStatusSnapshotCheckStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastPeriodicCheckedAt")] pub last_periodic_checked_at: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "snapshotCheckState")] - pub snapshot_check_state: Option, } diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/replicas.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/replicas.rs index 937c85f4e..1f75f9643 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/replicas.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/replicas.rs 
@@ -14,12 +14,15 @@ use serde::{Serialize, Deserialize}; pub struct ReplicaSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub active: Option, + /// Deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] - pub backend_store_driver: Option, + pub backend_store_driver: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "backingImage")] pub backing_image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataDirectoryName")] pub data_directory_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desireState")] pub desire_state: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "diskID")] @@ -61,7 +64,7 @@ pub struct ReplicaSpec { /// ReplicaSpec defines the desired state of the Longhorn replica #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ReplicaBackendStoreDriver { +pub enum ReplicaDataEngine { #[serde(rename = "v1")] V1, #[serde(rename = "v2")] diff --git a/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs b/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs index c6c449666..4f40c2f9e 100644 --- a/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs +++ b/kube-custom-resources-rs/src/longhorn_io/v1beta2/volumes.rs 
@@ -16,12 +16,15 @@ pub struct VolumeSpec { pub standby: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessMode")] pub access_mode: Option, + /// Deprecated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backendStoreDriver")] - pub backend_store_driver: Option, + pub backend_store_driver: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "backingImage")] pub backing_image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupCompressionMethod")] pub backup_compression_method: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataEngine")] + pub data_engine: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataLocality")] pub data_locality: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] @@ -90,15 +93,6 @@ pub enum VolumeAccessMode { Rwx, } -/// VolumeSpec defines the desired state of the Longhorn volume -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum VolumeBackendStoreDriver { - #[serde(rename = "v1")] - V1, - #[serde(rename = "v2")] - V2, -} - /// VolumeSpec defines the desired state of the Longhorn volume #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum VolumeBackupCompressionMethod { @@ -110,6 +104,15 @@ pub enum VolumeBackupCompressionMethod { Gzip, } +/// VolumeSpec defines the desired state of the Longhorn volume +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum VolumeDataEngine { + #[serde(rename = "v1")] + V1, + #[serde(rename = "v2")] + V2, +} + /// VolumeSpec defines the desired state of the Longhorn volume #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum VolumeDataLocality { diff --git a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/backups.rs b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/backups.rs index 2261c2c8c..a9154fba3 100644 
--- a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/backups.rs +++ b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/backups.rs @@ -23,12 +23,15 @@ pub struct BackupSpec { /// BackoffLimit defines the maximum number of attempts to successfully take a Backup. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] pub backoff_limit: Option, + /// LogLevel to be used n the Backup Job. It defaults to 'info'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] + pub log_level: Option, /// MariaDBRef is a reference to a MariaDB object. #[serde(rename = "mariaDbRef")] pub maria_db_ref: BackupMariaDbRef, - /// MaxRetentionDays defined the maximum age that Backups should have. Old backup will be cleaned up by the Backup Job. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxRetentionDays")] - pub max_retention_days: Option, + /// MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job. It defaults to 30 days. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxRetention")] + pub max_retention: Option, /// NodeSelector to be used in the Backup Pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -530,6 +533,9 @@ pub struct BackupStorage { /// PersistentVolumeClaim is a Kubernetes PVC specification. #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, + /// S3 defines the configuration to store backups in a S3 compatible storage. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub s3: Option, /// Volume is a Kubernetes volume specification. #[serde(default, skip_serializing_if = "Option::is_none")] pub volume: Option, 
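Review bot: The rename of `max_retention_days` to `max_retention` in `BackupSpec` says nothing about objects that still carry `maxRetentionDays`. Unless the struct sets `deny_unknown_fields` (its attributes are outside this hunk), serde drops the old key and `max_retention` comes back as `None`, which the new doc text says means 30 days. For a backup retention setting that silent fallback deserves a line in the doc comment, for example `/// Replaces the former maxRetentionDays key, which is no longer read.`. The added `log_level` comment also has a typo, `used n the Backup Job` should read `used in the Backup Job`, and the same typo is repeated on `RestoreSpec::log_level` in restores.rs. `BackupSpec` starts and ends outside the hunk.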
@@ -637,6 +643,93 @@ pub struct BackupStoragePersistentVolumeClaimSelectorMatchExpressions { pub values: Option>, } +/// S3 defines the configuration to store backups in a S3 compatible storage. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3 { + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + #[serde(rename = "accessKeyIdSecretKeyRef")] + pub access_key_id_secret_key_ref: BackupStorageS3AccessKeyIdSecretKeyRef, + /// Bucket is the name Name of the bucket to store backups. + pub bucket: String, + /// Endpoint is the S3 API endpoint without scheme. + pub endpoint: String, + /// Region is the S3 region name to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + #[serde(rename = "secretAccessKeySecretKeyRef")] + pub secret_access_key_secret_key_ref: BackupStorageS3SecretAccessKeySecretKeyRef, + /// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionTokenSecretKeyRef")] + pub session_token_secret_key_ref: Option, + /// TLS provides the configuration required to establish TLS connections with S3. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3AccessKeyIdSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3SecretAccessKeySecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3SessionTokenSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS provides the configuration required to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3Tls { + /// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "caSecretKeyRef")] + pub ca_secret_key_ref: Option, + /// Enabled is a flag to enable TLS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct BackupStorageS3TlsCaSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// Volume is a Kubernetes volume specification. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct BackupStorageVolume { diff --git a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/mariadbs.rs b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/mariadbs.rs index 6ebb7feb8..9faf61d11 100644 --- a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/mariadbs.rs +++ b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/mariadbs.rs 
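Review bot: The doc comment on `secret_access_key_secret_key_ref` in `BackupStorageS3`, and the one on `BackupStorageS3SecretAccessKeySecretKeyRef`, both open with `AccessKeyIdSecretKeyRef`, so the two credential references read as the same field and are easy to wire to the wrong Secret key. It should read `/// SecretAccessKeySecretKeyRef is a reference to a Secret key containing the S3 secret access key.`; `Bucket is the name Name of the bucket` has a duplicated word as well. `tls` and its `enabled` flag are both optional while `endpoint` is documented as carrying no scheme, and nothing here says whether a missing `tls` block means plaintext, so the default should be stated on the `tls` field. The same three points apply to `MariaDBBootstrapFromS3` in mariadbs.rs and `RestoreS3` in restores.rs; if these files are generated from the CRD descriptions, the wording has to be corrected there.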
@@ -551,9 +551,12 @@ pub struct MariaDBAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// BootstrapFrom defines a source to bootstrap from. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct MariaDBBootstrapFrom { - /// BackupRef is a reference to a Backup object. + /// BackupRef is a reference to a Backup object. It has priority over S3 and Volume. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupRef")] pub backup_ref: Option, + /// S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub s3: Option, /// TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRecoveryTime")] pub target_recovery_time: Option, @@ -562,7 +565,7 @@ pub struct MariaDBBootstrapFrom { pub volume: Option, } -/// BackupRef is a reference to a Backup object. +/// BackupRef is a reference to a Backup object. It has priority over S3 and Volume. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct MariaDBBootstrapFromBackupRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
@@ -570,6 +573,93 @@ pub struct MariaDBBootstrapFromBackupRef { pub name: Option, } +/// S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3 { + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + #[serde(rename = "accessKeyIdSecretKeyRef")] + pub access_key_id_secret_key_ref: MariaDBBootstrapFromS3AccessKeyIdSecretKeyRef, + /// Bucket is the name Name of the bucket to store backups. + pub bucket: String, + /// Endpoint is the S3 API endpoint without scheme. + pub endpoint: String, + /// Region is the S3 region name to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + #[serde(rename = "secretAccessKeySecretKeyRef")] + pub secret_access_key_secret_key_ref: MariaDBBootstrapFromS3SecretAccessKeySecretKeyRef, + /// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionTokenSecretKeyRef")] + pub session_token_secret_key_ref: Option, + /// TLS provides the configuration required to establish TLS connections with S3. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3AccessKeyIdSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3SecretAccessKeySecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3SessionTokenSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS provides the configuration required to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3Tls { + /// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "caSecretKeyRef")] + pub ca_secret_key_ref: Option, + /// Enabled is a flag to enable TLS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct MariaDBBootstrapFromS3TlsCaSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// Volume is a Kubernetes Volume object that contains a backup. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct MariaDBBootstrapFromVolume { diff --git a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/restores.rs b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/restores.rs index 028376857..34c88a3be 100644 --- a/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/restores.rs +++ b/kube-custom-resources-rs/src/mariadb_mmontes_io/v1alpha1/restores.rs 
@@ -20,9 +20,12 @@ pub struct RestoreSpec { /// BackoffLimit defines the maximum number of attempts to successfully perform a Backup. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backoffLimit")] pub backoff_limit: Option, - /// BackupRef is a reference to a Backup object. + /// BackupRef is a reference to a Backup object. It has priority over S3 and Volume. #[serde(default, skip_serializing_if = "Option::is_none", rename = "backupRef")] pub backup_ref: Option, + /// LogLevel to be used n the Backup Job. It defaults to 'info'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] + pub log_level: Option, /// MariaDBRef is a reference to a MariaDB object. #[serde(rename = "mariaDbRef")] pub maria_db_ref: RestoreMariaDbRef, @@ -35,6 +38,9 @@ pub struct RestoreSpec { /// RestartPolicy to be added to the Backup Job. #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] pub restart_policy: Option, + /// S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub s3: Option, /// TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRecoveryTime")] pub target_recovery_time: Option, 
@@ -452,7 +458,7 @@ pub struct RestoreAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx pub values: Option>, } -/// BackupRef is a reference to a Backup object. +/// BackupRef is a reference to a Backup object. It has priority over S3 and Volume. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct RestoreBackupRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
@@ -520,6 +526,93 @@ pub enum RestoreRestartPolicy { Never, } +/// S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3 { + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. + #[serde(rename = "accessKeyIdSecretKeyRef")] + pub access_key_id_secret_key_ref: RestoreS3AccessKeyIdSecretKeyRef, + /// Bucket is the name Name of the bucket to store backups. + pub bucket: String, + /// Endpoint is the S3 API endpoint without scheme. + pub endpoint: String, + /// Region is the S3 region name to use. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub region: Option, + /// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. + #[serde(rename = "secretAccessKeySecretKeyRef")] + pub secret_access_key_secret_key_ref: RestoreS3SecretAccessKeySecretKeyRef, + /// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionTokenSecretKeyRef")] + pub session_token_secret_key_ref: Option, + /// TLS provides the configuration required to establish TLS connections with S3. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3AccessKeyIdSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3SecretAccessKeySecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3SessionTokenSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// TLS provides the configuration required to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3Tls { + /// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "caSecretKeyRef")] + pub ca_secret_key_ref: Option, + /// Enabled is a flag to enable TLS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct RestoreS3TlsCaSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct RestoreTolerations { diff --git a/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceexports.rs b/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceexports.rs index 1d6375968..061cfb117 100644 --- a/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceexports.rs +++ b/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceexports.rs 
@@ -115,6 +115,9 @@ pub struct ResourceExportClusterNetworkPolicyAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
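Review bot: `node_selector` is documented as `Cannot be set with any other selector`, but it is added as one more independent `Option` next to `namespace_selector` and `pod_selector`, so the type accepts combinations the comment forbids. A NetworkPolicy whose AppliedTo scope is ambiguous is worth catching before it is sent, so the comment should say where the rule is enforced, for example `/// Exclusivity is not checked by this type; validate before applying.`. The same holds for `node_selector` on `ResourceExportClusterNetworkPolicyEgressAppliedTo` further down. The struct starts and ends outside the hunk.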
@@ -172,6 +175,29 @@ pub struct ResourceExportClusterNetworkPolicyAppliedToNamespaceSelectorMatchExpr pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyAppliedToPodSelector { @@ -262,6 +288,9 @@ pub struct ResourceExportClusterNetworkPolicyEgressAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
@@ -319,6 +348,29 @@ pub struct ResourceExportClusterNetworkPolicyEgressAppliedToNamespaceSelectorMat pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyEgressAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyEgressAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyEgressAppliedToPodSelector { @@ -381,7 +433,7 @@ pub struct ResourceExportClusterNetworkPolicyEgressFrom { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -456,7 +508,7 @@ pub struct ResourceExportClusterNetworkPolicyEgressFromNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyEgressFromNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -613,7 +665,7 @@ pub struct ResourceExportClusterNetworkPolicyEgressTo { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -688,7 +740,7 @@ pub struct ResourceExportClusterNetworkPolicyEgressToNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyEgressToNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -803,6 +855,9 @@ pub struct ResourceExportClusterNetworkPolicyIngressAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
@@ -860,6 +915,29 @@ pub struct ResourceExportClusterNetworkPolicyIngressAppliedToNamespaceSelectorMa pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyIngressAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceExportClusterNetworkPolicyIngressAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyIngressAppliedToPodSelector { @@ -922,7 +1000,7 @@ pub struct ResourceExportClusterNetworkPolicyIngressFrom { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -997,7 +1075,7 @@ pub struct ResourceExportClusterNetworkPolicyIngressFromNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyIngressFromNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -1154,7 +1232,7 @@ pub struct ResourceExportClusterNetworkPolicyIngressTo { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -1229,7 +1307,7 @@ pub struct ResourceExportClusterNetworkPolicyIngressToNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceExportClusterNetworkPolicyIngressToNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceimports.rs b/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceimports.rs index ee87c6078..314b72ae1 100644 
--- a/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceimports.rs +++ b/kube-custom-resources-rs/src/multicluster_crd_antrea_io/v1alpha1/resourceimports.rs @@ -115,6 +115,9 @@ pub struct ResourceImportClusternetworkpolicyAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
@@ -172,6 +175,29 @@ pub struct ResourceImportClusternetworkpolicyAppliedToNamespaceSelectorMatchExpr pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyAppliedToPodSelector { @@ -262,6 +288,9 @@ pub struct ResourceImportClusternetworkpolicyEgressAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
@@ -319,6 +348,29 @@ pub struct ResourceImportClusternetworkpolicyEgressAppliedToNamespaceSelectorMat pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyEgressAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyEgressAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyEgressAppliedToPodSelector { @@ -381,7 +433,7 @@ pub struct ResourceImportClusternetworkpolicyEgressFrom { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -456,7 +508,7 @@ pub struct ResourceImportClusternetworkpolicyEgressFromNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyEgressFromNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -613,7 +665,7 @@ pub struct ResourceImportClusternetworkpolicyEgressTo { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -688,7 +740,7 @@ pub struct ResourceImportClusternetworkpolicyEgressToNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyEgressToNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -803,6 +855,9 @@ pub struct ResourceImportClusternetworkpolicyIngressAppliedTo { /// Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. Cannot be set with Namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] pub pod_selector: Option, 
@@ -860,6 +915,29 @@ pub struct ResourceImportClusternetworkpolicyIngressAppliedToNamespaceSelectorMa pub values: Option>, } +/// Select Nodes in cluster as workloads in AppliedTo fields. Cannot be set with any other selector. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyIngressAppliedToNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ResourceImportClusternetworkpolicyIngressAppliedToNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Select Pods from NetworkPolicy's Namespace as workloads in AppliedTo fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. 
Cannot be set with any other selector except NamespaceSelector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyIngressAppliedToPodSelector { @@ -922,7 +1000,7 @@ pub struct ResourceImportClusternetworkpolicyIngressFrom { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -997,7 +1075,7 @@ pub struct ResourceImportClusternetworkpolicyIngressFromNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyIngressFromNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -1154,7 +1232,7 @@ pub struct ResourceImportClusternetworkpolicyIngressTo { /// Select Pod/ExternalEntity from Namespaces matched by specific criteria. Current supported criteria is match: Self, which selects from the same Namespace of the appliedTo workloads. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. This field can only be set when NetworkPolicyPeer is created for ClusterNetworkPolicy ingress/egress rules. Cannot be set with NamespaceSelector. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, - /// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. + /// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, /// Select Pods from NetworkPolicy's Namespace as workloads in To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. @@ -1229,7 +1307,7 @@ pub struct ResourceImportClusternetworkpolicyIngressToNamespaces { pub r#match: Option, } -/// Select certain Nodes which match the label selector. A NodeSelector cannot be set in AppliedTo field or set with any other selector. +/// Select certain Nodes which match the label selector. A NodeSelector cannot be set with any other selector. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ResourceImportClusternetworkpolicyIngressToNodeSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs index e4f0c3783..c44a4a5aa 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs 
+++ b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs @@ -6141,6 +6141,14 @@ pub struct RayClusterWorkerGroupSpecsTemplateSpecVolumesVsphereVolume { pub struct RayClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "availableWorkerReplicas")] pub available_worker_replicas: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredCPUs")] + pub desired_cp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredGPUs")] + pub desired_gp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredMemory")] + pub desired_memory: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredTPUs")] + pub desired_tp_us: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredWorkerReplicas")] pub desired_worker_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs index 91816cb20..b69488f90 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs 
@@ -9054,6 +9054,14 @@ pub struct RayJobStatus { pub struct RayJobStatusRayClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "availableWorkerReplicas")] pub available_worker_replicas: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredCPUs")] + pub desired_cp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredGPUs")] + pub desired_gp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredMemory")] + pub desired_memory: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredTPUs")] + pub desired_tp_us: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredWorkerReplicas")] pub desired_worker_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs index 9d03e699e..2a969ba13 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs 
@@ -6417,6 +6417,14 @@ pub struct RayServiceStatusActiveServiceStatusDashboardStatus { pub struct RayServiceStatusActiveServiceStatusRayClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "availableWorkerReplicas")] pub available_worker_replicas: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredCPUs")] + pub desired_cp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredGPUs")] + pub desired_gp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredMemory")] + pub desired_memory: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredTPUs")] + pub desired_tp_us: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredWorkerReplicas")] pub desired_worker_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -6491,6 +6499,14 @@ pub struct RayServiceStatusPendingServiceStatusDashboardStatus { pub struct RayServiceStatusPendingServiceStatusRayClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "availableWorkerReplicas")] pub available_worker_replicas: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredCPUs")] + pub desired_cp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredGPUs")] + pub desired_gp_us: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredMemory")] + pub desired_memory: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredTPUs")] + pub desired_tp_us: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "desiredWorkerReplicas")] pub desired_worker_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none")] 
diff --git a/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/replicatedstatemachines.rs b/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/replicatedstatemachines.rs index cde9b76b0..a173c68cb 100644 --- a/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/replicatedstatemachines.rs +++ b/kube-custom-resources-rs/src/workloads_kubeblocks_io/v1alpha1/replicatedstatemachines.rs @@ -5290,6 +5290,9 @@ pub struct ReplicatedStateMachineStatusMembersStatus { /// PodName pod name. #[serde(rename = "podName")] pub pod_name: String, + /// Is it required for rsm to have at least one primary pod to be ready. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readyWithoutPrimary")] + pub ready_without_primary: Option, pub role: ReplicatedStateMachineStatusMembersStatusRole, }